Freeradius as a proxy to Windows IAS - Solved!
Alan DeKok
aland at deployingradius.com
Tue Jul 31 16:46:07 CEST 2007
A.L.M.Buxey at lboro.ac.uk wrote:
> hmm, its interesting that the key length is an issue - I guess we
> _could_ have a much larger number with no real issue...but would
> that actually gain anything security wise? I also note that MANY
> NAS devices have much smaller maximum shared secrets (memory is
> precious I guess..) eg only 16 characters in length!
Yup.
MD5 has been pretty much broken. Many RADIUS secrets can be cracked
in a few minutes. Shared secrets should be as long as you can make
them, and include upper/lowercase letters, numbers, etc. That gives
(26+26+10)^16, or about 2^95 possibilities.
Alan DeKok.
More information about the Freeradius-Users
mailing list