Am 29.04.2008 um 14:54 schrieb Riccardo Veraldi:
Hello, I used wireshark to sniff communication between my radisu server and the user-password attribute is encrypted
0000 3e ca 2d b0 97 2b b3 f9 0c e9 fc e7 e0 ed e9 fd
to test if this is strong enough I wanted to ask if there is a way to decrypt this user-password attribute since my radisu server is doign proxy to other radius server.
actually my radius server is authenticating a WiFi captive portal and is prosying requests upon username@domainname
user attributes are stripped from domain and sent to proper radius server
my question is how much is risky to have user-passsword attribute travellign across the network ? is the encryption applyed to the user-password strong enough ?
I do not know the particular protocol that you are using, but, as far as I know, mostly if the password is not transported as clear text, it is transpotred as hash, see for example: http://en.wikipedia.org/wiki/Cryptographic_hash_function (As the above dump shows 16 bytes, it could be MD5. If it is, see for example: http://en.wikipedia.org/wiki/Md5 )
thanks
Rick
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841