Thomas Glanzmann wrote:
I wonder if the radius encryption between radius client and radius is secure enough if you choose a decent password like the following:
No one knows. The method RADIUS uses isn't encryption. It's more technically called "obfuscation" in the crypto world. The reason is that it's not normal encryption like AES or DES. So no one knows what it is.
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a(' Or if someone should always protect the connection between radius client to radius server using ipsec or some other VPN software like for example openvpn? I don't want to do radius over the internet but in a coporate intranet. However I want also to absolutly sure that noone is reading my pap passwords on the wire between radius client and radius server.
It's secure enough for the local intranet. I'd also suggest putting the traffic onto a management VLAN. That helps, too. Alan DeKok.