Riccardo Veraldi wrote:
Hello, I used wireshark to sniff communication between my radisu server and the user-password attribute is encrypted
0000 3e ca 2d b0 97 2b b3 f9 0c e9 fc e7 e0 ed e9 fd
to test if this is strong enough I wanted to ask if there is a way to decrypt this user-password attribute since my radisu server is doign proxy to other radius server.
actually my radius server is authenticating a WiFi captive portal and is prosying requests upon username@domainname
user attributes are stripped from domain and sent to proper radius server
my question is how much is risky to have user-passsword attribute travellign across the network ? is the encryption applyed to the user-password strong enough ?
Some analysis in the document cited below, I can't comment on the quality of the analysis or it's conclusions, perhaps others might. An Analysis of the RADIUS Authentication Protocol http://www.untruth.org/~josh/security/radius/radius-auth.html -- John Dennis <jdennis@redhat.com>