Hi all, I am writing a demo program in C which sends packets to freeRadius Server. I am having difficulties in understanding the password encryption.. I am not sure how the hashing works.. The sample program given in the ftp site for MD5 hashing takes 2 parameters.. "Key" and "saltstring", Here the key is the Identifier (16 Byte Arbitrary number) and key is the shared secret? The documentation says the procedure is.. ----------------------------------------------------------------------------------------------------------------- The Access-Request packet contains a 16 octet Request Authenticator in the authenticator field. This Request authenticator is a randomly chosen 16 octet string. This packet is completely unprotected, except for the User-Password attribute, which is protected as follows: The client and server share a secret. That shared secret followed by the Request Authenticator is put through an MD5 hash to create a 16 octet value which is XORed with the password entered by the user. If the user password is greater than 16 octets, additional MD5 calculations are performed, using the previous ciphertext instead of the Request Authenticator. More formally: Call the shared secret S and the pseudo-random 128-bit Request Authenticator RA. The password is broken into 16-octet blocks p1, p2, ... pn, with the last block padded at the end with '0's to a 16-octet boundary. The ciphertext blocks are c1, c2... cn. c1 = p1 XOR MD5(S + RA) c2 = p2 XOR MD5(S + c1) . . . cn = pn XOR MD5(S + cn-1) The User-Password attribute contains c1+c2+...+cn, Where + denotes concatenation. ------------------------------------------------------------------------------------------ Please let me know if anyonbe has worked on similar stuff.. Regards, Shan
shan t <tshan77@gmail.com> wrote:
I am writing a demo program in C which sends packets to freeRadius Server. I am having difficulties in understanding the password encryption..
This list is for FreeRADIUS questions, not a general RADIUS Q & A. If you want to know how the MD5 encryption works, read the FreeRADIUS source code. It's publicly available.
Please let me know if anyonbe has worked on similar stuff..
You're joking, right? Alan DeKok.
participants (2)
-
Alan DeKok -
shan t