radius user-password on the wire

Nicolas Goutte nicolas.goutte at extragroup.de
Tue Apr 29 16:12:57 CEST 2008


On 29.04.2008 at 14:54, Riccardo Veraldi wrote:

> Hello,
> I used wireshark to sniff communication between my radius server and
> the user-password attribute is encrypted
>
> 0000   3e ca 2d b0 97 2b b3 f9 0c e9 fc e7 e0 ed e9 fd
>
>
> to test if this is strong enough I wanted to ask if there is a way
> to decrypt
> this user-password attribute since my radius server is doing proxy
> to other radius server.
>
> actually my radius server is authenticating a WiFi captive portal
> and is proxying requests upon username at domainname
>
> user attributes are stripped from domain and sent to proper radius  
> server
>
> my question is how risky is it to have the user-password attribute
> travelling across
> the network? is the encryption applied to the user-password strong
> enough?

I do not know the particular protocol that you are using, but, as far
as I know, mostly if the password is not transported as clear text,
it is transported as a hash, see for example:
http://en.wikipedia.org/wiki/Cryptographic_hash_function

(As the above dump shows 16 bytes, it could be MD5. If it is, see for  
example: http://en.wikipedia.org/wiki/Md5 )

>
> thanks
>
> Rick
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing Directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax No.: 337/5903/0421 / VAT ID: DE 204607841







More information about the Freeradius-Users mailing list