Radius-Client Access Request Password

Johannes Luther johannes.luther at gmx.de
Wed Oct 4 20:27:06 CEST 2006

Hi all,

I'm pretty new in that "Radius Business", so forgive me if I ask dumb
I see no chance, that someone could answer me my question in a Forum or
in the normal mailing-list.

I'm currenty developing a radius client class (Open-Source) in c#. I
couldn't find something like that, but I need it to do certain things.
Everything works fine and is clear regarding the construction of a
radius paket, EXCEPT the ugly part of encrypting the user-password.
I'm not talking about CHAP.

The RFC's (http://www.freeradius.org/rfc/rfc2865.html#User-Password)
sais the following:

b1 = MD5(S + RA)       c(1) = p1 xor b1

S is the Shared Secret
RA is the random 16byte Request Authenticator
and p1 is the first octet of the user password.
For this example, the user password only has one byte (1 char) and the
Shared Secret consists only of one char, too.

S  = a (ASCII)
p  = b (ASCII)
RA = EFB585C9F8CFB480B4F4B083B481E78E (HEX)

1.) How to do the operation (S+RA) ???
    Do I have to convert the String a to a hex value (ASCII Table) ??

2.) How to XOR the user password with b?
    OK ... the b is the easy part, because it's already a 16byte hex
value... but how do I have to convert the user password (in this case "b") ?
    Is it a ASCII Conversion? if this would be the case, the char b is
0x62 hex.

Could someone please explain that stuff to me?

Kind regards,

More information about the Freeradius-Devel mailing list