31 Jul
2007
31 Jul
'07
10:46 a.m.
A.L.M.Buxey@lboro.ac.uk wrote:
hmm, its interesting that the key length is an issue - I guess we _could_ have a much larger number with no real issue...but would that actually gain anything security wise? I also note that MANY NAS devices have much smaller maximum shared secrets (memory is precious I guess..) eg only 16 characters in length!
Yup. MD5 has been pretty much broken. Many RADIUS secrets can be cracked in a few minutes. Shared secrets should be as long as you can make them, and include upper/lowercase letters, numbers, etc. That gives (26+26+10)^16, or about 2^95 possibilities. Alan DeKok.