Silly question - secure Radius?

Shawn Kennedy shawnlkennedy at
Thu Jul 7 20:12:41 CEST 2005

> -----Original Message-----
> From: aland at [mailto:aland at]On Behalf Of Alan
> DeKok
> Sent: Thursday, July 07, 2005 12:36 PM
> To: shawnlkennedy at; FreeRadius users mailing list
> Subject: Re: Silly question - secure Radius? 
> "Shawn Kennedy" <shawnlkennedy at> wrote:
> > I am just getting started with setting up 
> > Radius, and  with the reading I've done (mostly 
> > with the O'Reilly book), it seems that Radius 
> > in itself is insecure. Sure, you can use a 
> > Shared Secret and the password is sent with a 
> > MD5 hash, but is there anything better?
>   "radsec", which Radiator just came out with.
>   I've taken a quick look at it, but I don't think it will be easy to
> implement inside of the current server.  Adding it via an external
> program should be relatively trivial, though.

Hi Alan,

Thanks for the heads up.  Wasn't aware of such a thing.
I briefly looked at CHAP, but abandoned it for the 
obvious reasons.  Looking into EAP-TLS, but don't
have a PKI infrastructure set up yet.

Just as a side question, is this sort of thing
on FreeRadius's radar screen?

Thanks again,


More information about the Freeradius-Users mailing list