Thanks to all whom replied for your insight and direction. Regards, Chuck On Fri, 2005-09-16 at 20:10, Stefan.Neis@t-online.de wrote:
Hi,
You must have missed the information in RFC 2865 (RADIUS), which is also a Fine Manual. The PAP password is XOR'd with the MD5 hash of the shared secret and the authenticator.
Yes, that's a bit clearer than saying "the password is hashed", since it also shows that the process is reversible and you can easily obtain the cleartext password from the "obfuscated" password.
You've been reading about the protocol prior to the RADIUS client's involvment. The same thing applies to CHAP, just to head you off.
No, not quite. Here, the password is (essentially) used as a key to compute the hash value of a challenge. Most notably, this means you (or the server) have no way whatsoever to get back to the clear text password from what is transmitted to the server.
Regards, Stefan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html