Sorry, for an incomplete question. What i meant was "Does freeradius use SHA1 for hashing the challenge and generating authenticator response in case of MSCHAP2 authentication?" If yes, is there a plan to replace it with SHA2 due to SHA1 deprecation? Will the RFC 2759 be updated for the same? On Tue, Jan 24, 2017 at 8:18 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Jan 24, 2017, at 9:40 AM, Stefan Paetow <Stefan.Paetow@jisc.ac.uk> wrote:
server code itself. I have to admit I've got no idea what the question really is about though.
Hashing support? ;-)
Open-ended questions like that just confuse me. A better question is "Does FR support SHA2 *for a particular purpose*".
Oh, and apparently (if I read rlm_expr.c correctly), FR *does* support SHA2 in the expression engine... any OpenSSL EVP_MD digest is supported (see line 1008 and beyond).
In the code that means SHA256 and SHA512 (according to mod_bootstrap anyway).
Yes. Lots of support for SHA2 for *multiple purposes*. Password comparisons, etc.
Otherwise, a bad answer to the bad question would be "Yes, FreeRADIUS supports SHA2".
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html