Hi everyone Please ignore my postings about problems with IAS authentication. I have just read this in the FAQ: "FreeRADIUS is limited to 16 characters for the shared secret." The shared secret on our IAS server is 25 characters long :-( Thanks anyway Clive
Clive Gould wrote:
I have just read this in the FAQ:
"FreeRADIUS is limited to 16 characters for the shared secret."
The shared secret on our IAS server is 25 characters long :-(
The limit in 1.1.7 is 32 characters, not 16. And if you use radclient, there is no limit to the secret length. 1) Use radclient on the machine running FreeRADIUS to test IAS with the 25-character shared secret. If that works, 2) Type the secret into FreeRADIUS. Alan DeKok.
Hi,
The limit in 1.1.7 is 32 characters, not 16. And if you use radclient, there is no limit to the secret length.
1) Use radclient on the machine running FreeRADIUS to test IAS with the 25-character shared secret. If that works,
2) Type the secret into FreeRADIUS.
hmm, its interesting that the key length is an issue - I guess we _could_ have a much larger number with no real issue...but would that actually gain anything security wise? I also note that MANY NAS devices have much smaller maximum shared secrets (memory is precious I guess..) eg only 16 characters in length! alan
A.L.M.Buxey@lboro.ac.uk wrote:
hmm, its interesting that the key length is an issue - I guess we _could_ have a much larger number with no real issue...but would that actually gain anything security wise? I also note that MANY NAS devices have much smaller maximum shared secrets (memory is precious I guess..) eg only 16 characters in length!
Yup. MD5 has been pretty much broken. Many RADIUS secrets can be cracked in a few minutes. Shared secrets should be as long as you can make them, and include upper/lowercase letters, numbers, etc. That gives (26+26+10)^16, or about 2^95 possibilities. Alan DeKok.
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Clive Gould