PAP what password encryption is used?
Hello, I've been asked to setup freeradius to talk to a SQL Server database which contains users and passwords. This was not so much of a pain but I can't figure what password encryption is used. So I had hoped somebody with some more password encryption experience could shine a light here :) In the database I've set a password to 'testing' which results in the database as: DC724AF18FBDD4E59189F5FE768A5F8311527050 This looks like a SHA algorithm? I've browsed through the source code of the program that generates these password hashes. Indeed it uses SHA. This is the library they use: http://www.aspencrypt.com/object_context.html#CreateHash. They use the 'calgSHA'. But when I set the Password attribute in freeradius to SHA_password it doesn't match. It reads the database succesfully when I set User_password and use the hash as a password: radtest test@bla.com DC724AF18FBDD4E59189F5FE768A5F8311527050 localhost 0 testing123 Sending Access-Request of id 61 to 127.0.0.1 port 1812 User-Name = "test@bla.com" User-Password = "DC724AF18FBDD4E59189F5FE768A5F8311527050" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=61, length=43 Service-Type = Framed-User Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "132" But when I change User-Password to SHA-Password it doesn't match: radtest test@bla.com testing localhost 0 testing123 Sending Access-Request of id 131 to 127.0.0.1 port 1812 User-Name = "test@bla.com" User-Password = "testing" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Re-sending Access-Request of id 131 to 127.0.0.1 port 1812 User-Name = "test@bla.com" User-Password = "testing" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=131, length=20 So this isn't a SHA password hash? I don't know for sure if this the same encryption method but 'echo testing | openssl sha' generates a different hash: 581165b0cc90703a8e669d91effba108fbe2c83c Rg, Arnaud -- View this message in context: http://www.nabble.com/PAP-what-password-encryption-is-used--tp18887393p18887... Sent from the FreeRadius - User mailing list archive at Nabble.com.
PAP needs cleartext passwords See: http://en.wikipedia.org/wiki/Password_authentication_protocol Am 08.08.2008 um 11:53 schrieb sphaero:
Hello,
I've been asked to setup freeradius to talk to a SQL Server database which contains users and passwords. This was not so much of a pain but I can't figure what password encryption is used. So I had hoped somebody with some more password encryption experience could shine a light here :)
In the database I've set a password to 'testing' which results in the database as:
DC724AF18FBDD4E59189F5FE768A5F8311527050
This looks like a SHA algorithm? I've browsed through the source code of the program that generates these password hashes. Indeed it uses SHA. This is the library they use: http://www.aspencrypt.com/object_context.html#CreateHash. They use the 'calgSHA'. But when I set the Password attribute in freeradius to SHA_password it doesn't match.
[...]
Rg,
Arnaud -- View this message in context: http://www.nabble.com/PAP-what- password-encryption-is-used--tp18887393p18887393.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Nicolas Goutte-2 wrote:
PAP needs cleartext passwords
See: http://en.wikipedia.org/wiki/Password_authentication_protocol
Yes, I know. But in order to match the cleartext password to the encrypted password in the database it needs to know what encryption is used. Rg, Arnaud Loonstra -- View this message in context: http://www.nabble.com/PAP-what-password-encryption-is-used--tp18887393p18890... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Am 08.08.2008 um 13:25 schrieb sphaero:
Nicolas Goutte-2 wrote:
PAP needs cleartext passwords
See: http://en.wikipedia.org/wiki/Password_authentication_protocol
Yes, I know. But in order to match the cleartext password to the encrypted password in the database it needs to know what encryption is used.
Sorry, I have answered too quickly. It is not PAP that needs cleartext passwords on the server.
Rg,
Arnaud Loonstra -- View this message in context: http://www.nabble.com/PAP-what- password-encryption-is-used--tp18887393p18890180.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
SHA1: 20 chars (40 hex) MD5: 16 chars (31 hex) Your hash looks like SHA1. T.
-----Oorspronkelijk bericht----- Van: freeradius-users-bounces+list=securew2.com@lists.freeradius.org [mailto:freeradius-users-bounces+list=securew2.com@lists.freeradius.org] Namens sphaero Verzonden: vrijdag 8 augustus 2008 13:26 Aan: freeradius-users@lists.freeradius.org Onderwerp: Re: PAP what password encryption is used?
Nicolas Goutte-2 wrote:
PAP needs cleartext passwords
See: http://en.wikipedia.org/wiki/Password_authentication_protocol
Yes, I know. But in order to match the cleartext password to the encrypted password in the database it needs to know what encryption is used.
Rg,
Arnaud Loonstra -- View this message in context: http://www.nabble.com/PAP-what-password- encryption-is-used--tp18887393p18890180.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
Nicolas Goutte -
SecureW2 (List) -
sphaero