Reversibly encrypted passwords in SQL
Hello, is there any way of using reversibly encrypted passwords together with a mySQL backend? Currently, our passwords are stored as User-Password in clear text. I'd like to move on to using something like Crypt-Password := {algo-prefix}blablabla with an algorithm that encrypts reversibly. I failed to see a list of supported algorithms in the docs, a pointer would be nice... Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
I'd also like to do this - although non-reversable encryption (like MD5) would suit us - eg, password is encrypted in the table, and is encrypted and compared when a user's password is checked. How is encryption meant to be done in the MySQL module at all? Jan On 09/10/06, Stefan Winter <stefan.winter@restena.lu> wrote:
Hello,
is there any way of using reversibly encrypted passwords together with a mySQL backend? Currently, our passwords are stored as User-Password in clear text. I'd like to move on to using something like
Crypt-Password := {algo-prefix}blablabla
with an algorithm that encrypts reversibly. I failed to see a list of supported algorithms in the docs, a pointer would be nice...
Greetings,
Stefan Winter
-- Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jan Mulders wrote:
I'd also like to do this - although non-reversable encryption (like MD5) would suit us - eg, password is encrypted in the table, and is encrypted and compared when a user's password is checked.
How is encryption meant to be done in the MySQL module at all?
You could use NT-hash from the NT/LM hash codes. NT-Password := [32 hex chars in lowercase] Then use something which likes NT hashing, such as MSchapv2 or a PAP instance configured to do NT-hashing... like so modules{ PAP nthashpap { encryption_scheme = nt } } and subsequently... authenticate{ Auth-Type PAP{ nthashpap } } Cheers Rob -- Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST rob gets mail at techniumcast.com
"Jan Mulders" <lastchancehotel@gmail.com> wrote:
I'd also like to do this - although non-reversable encryption (like MD5) would suit us - eg, password is encrypted in the table, and is encrypted and compared when a user's password is checked.
This is already supported in 1.1.x, and is a little easier in the CVS head. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Stefan Winter <stefan.winter@restena.lu> wrote:
is there any way of using reversibly encrypted passwords together with a mySQL backend?
Not really, no. But it shouldn't be too hard to add...
with an algorithm that encrypts reversibly. I failed to see a list of supported algorithms in the docs, a pointer would be nice...
There are no reversible encryption methods supported. You would have to: 1 - define an attribute in the dictionary, say "Reversibly-Encrypted-Password" 2 - write code (probably a module) to decrypt that attribute using a key, and create Cleartext-Password from it 3 - write a program to turn clear-text passwords into encrypted ones. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (4)
-
Alan DeKok -
Jan Mulders -
Rob Shepherd -
Stefan Winter