How secure is the radius encryption
Hello, I wonder if the radius encryption between radius client and radius is secure enough if you choose a decent password like the following: 'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a(' Or if someone should always protect the connection between radius client to radius server using ipsec or some other VPN software like for example openvpn? I don't want to do radius over the internet but in a coporate intranet. However I want also to absolutly sure that noone is reading my pap passwords on the wire between radius client and radius server. Cheers, Thomas
Thomas Glanzmann wrote:
I wonder if the radius encryption between radius client and radius is secure enough if you choose a decent password like the following:
No one knows. The method RADIUS uses isn't encryption. It's more technically called "obfuscation" in the crypto world. The reason is that it's not normal encryption like AES or DES. So no one knows what it is.
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a(' Or if someone should always protect the connection between radius client to radius server using ipsec or some other VPN software like for example openvpn? I don't want to do radius over the internet but in a coporate intranet. However I want also to absolutly sure that noone is reading my pap passwords on the wire between radius client and radius server.
It's secure enough for the local intranet. I'd also suggest putting the traffic onto a management VLAN. That helps, too. Alan DeKok.
The passwords are weakly encrypted using a mechanism that is basically an XOR of the password and an MD5 hash of the request authenticator and the shared secret. It is not reasonably feasible to reverse the encryption from a single packet without knowing the shared secret. However, since the request authenticator and the username are readable in the packet, it is theoretically possible to reverse engineer the shared secret if someone would capture enough successful logins from the same user, on the same NAS, using the same password. Once the shared secret was compromised, all requests to/from that NAS could be decrypted. To limit your exposure, use a strong shared secret that is unique on each NAS. Enforce password expiration and uniqueness on user accounts. Change your shared secrets periodically and protect them like any other 'superuser' password. Limit the physical exposure of the transaction by using local radius servers and/or link level encryption on the WAN. All of these suggestions limit the number of packet an intruder can use to attack your encryption and the window that a compromise would be useful. Depending on the size of your network, it may be worth your time to deploy radsec. There are very few clients that currently support the draft standard, but I've had great success deploying localized proxies to convert standard UDP radius to TCP/TLS encrypted radius. Thanks, Jason On Tue, Apr 3, 2012 at 12:04 PM, Thomas Glanzmann <thomas@glanzmann.de>wrote:
Hello, I wonder if the radius encryption between radius client and radius is secure enough if you choose a decent password like the following: 'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a(' Or if someone should always protect the connection between radius client to radius server using ipsec or some other VPN software like for example openvpn? I don't want to do radius over the internet but in a coporate intranet. However I want also to absolutly sure that noone is reading my pap passwords on the wire between radius client and radius server.
Cheers, Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Jason,
The passwords are weakly encrypted using a mechanism that is basically an XOR of the password and an MD5 hash of the request authenticator and the shared secret.
thanks for the thorough explanation, I'll go with IPSEC or openvpn. I recall reading in Bruce Schneiers book 'Secret and lies' that xor is only secure if you use the key only once, so it is very easy to break it if you see enough traffic, probably also with different usernames. Cheers, Thomas
Thomas Glanzmann wrote:
thanks for the thorough explanation, I'll go with IPSEC or openvpn. I recall reading in Bruce Schneiers book 'Secret and lies' that xor is only secure if you use the key only once, so it is very easy to break it if you see enough traffic, probably also with different usernames.
No. This is why you leave crypto to the experts. The above explanation is based on a superficial understanding "xor is bad", without also knowing how the RADIUS "encryption" method works. The people who designed RADIUS aren't complete idiots, they do NOT use the same key to encrypt passwords for different usernames. I do *not* want misinformation to be spread on this list. For NAS to RADIUS server communication, IPSec is probably overkill. The NAS doesn't do IPSec, so you still have "insecure" traffic between the NAS and the local IPSec gateway. All of this traffic is on a local intranet. So... you might as well just use plain RADIUS. Pick a strong shared secret, and don't worry about it. Over-complicating things means that your network is more fragile, and less likely to work. The main use for IPSec in RADIUS is for long-haul links. e.g. across the Internet, or between multiple campuses of a company. Don't over-think the problem. And as always, be careful before ignoring the advice on this list. Alan DeKok.
participants (3)
-
Alan DeKok -
Jason Rohm -
Thomas Glanzmann