My previous message was accidentally sent before I completed it, so to continue. First of all, I'd like to add that this is not an offense to anyone, I just want to be able to verify your claims that the usage of an insecure hashing/encryption method does not compromise the entire security of RADIUS. My endgoal is to have a central authentication system that is secure.
That's a simplistic approach. Relying on buzzwords is no substitute for understanding.
I wouldn't call DES/3DES/MD5 buzzwords, just the names of the relevant hashing and encryption algorithms. I have a background in computer science, so I do understand these algorithms. However my daily job is not that of security officer/expert. I was taught that the usage of these algorithms are reason for concern and should be avoided if possible. Could you please clarify (or give pointers to documentation that counters the statements below) why the usage of MD5 in RADIUS has no known security problems? Because I found resources that appear to indicate otherwise: - http://www.untruth.org/~josh/security/radius/radius-auth.html (Research from 2001) - http://www.blackhat.com/presentations/bh-asia-00/jeremy-dave/jeremy-dave-asi... Related: - https://www.ietf.org/rfc/rfc6614.txt and (related) https://en.wikipedia.org/wiki/Diameter_(protocol) (why would someone make this if RADIUS itself is secure?) - It should be noted that back in 2002 Microsoft already called the usage of EAP-(T)TLS or IPSEC for RADIUS traffic 'best practice' (see previously mentioned MSDN page). Thanks in advance. 2015-08-21 14:01 GMT+02:00 Qrious <Qrious@semtexgaming.com>:
Hi,
First i'll reply to your comments:
Use RADIUS the way it was designed. The people who've spent 20 years working with it are competent.
I never said that were not competent. I was only refering to the fact that time changes perspective on security standards, as hardware and theoretical knowledge advance. Mainly because of this, I want to select strong modern cryptography now, to ensure it's security for the first decade.
Honestly, do you think in 2015 that we'd be recommending the use of protocols which were broken and insecure? Even Microsoft doesn't do that any more.
I hoped not (as my research showed), but fact is that cryptography is a complex field. Still there are a lot of services that (only) use insecure encryption, but that is an entirely other topic.
I looked some further into the protocol. Because other people might stumble onto this thread, i'll give links to some useful resources.
A good resource (although 13 years old) is: https://msdn.microsoft.com/en-us/library/bb742489.aspx (Why do you always find the useful resources after you really needed them?)
Based on some slides of a guest lecture of an Eduroam engineer (which I can not share):
User-Password = password XOR MD5(RequestAuth + Secret) (for passwords of length up to 16 - chaining procedure for longer passwords)
2015-08-21 12:21 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Aug 21, 2015, at 5:29 AM, Qrious <Qrious@semtexgaming.com> wrote:
I'm setting up a RADIUS server which among others has to be linked to PAM. One of my primary requirements is that is uses secure cryptography. The main question is:
1. Does the PAM Radius module support EAP-TTLS with an inner tunnel of PAP?
No.
Most supported protocols are based on MD5, which has been severly comprimised[1], or a single DES key (MSCHAP V2) [2], which is also comprimised. So that only leaves the TLS based protocols,
That's a simplistic approach. Relying on buzzwords is no substitute for understanding.
The truth is that the use of MD5 in RADIUS has no known security problems. So your worries are unfounded.
If you know a more secure setup, don't hesitate to advice me :). Also if I made a mistake somewhere, don't hesitate to correct me :)
Use RADIUS the way it was designed. The people who've spent 20 years working with it are competent.
As a final remark, I think it would be beneficial for the security of many account details, both transfered and stored for (FREE)RADIUS, to include clear warnings on the pages about insecure protocols/authentication standards.
No. Because there are no security problems.
Honestly, do you think in 2015 that we'd be recommending the use of protocols which were broken and insecure? Even Microsoft doesn't do that any more.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html