radius user-password on the wire
Alan DeKok
aland at deployingradius.com
Tue Apr 29 16:10:18 CEST 2008
Riccardo Veraldi wrote:
> I used wireshark to sniff communication between my radisu server and
> the user-password attribute is encrypted
Yes... go read the RFC's. This is what's supposed to happen. We're
already aware of it.
> to test if this is strong enough I wanted to ask if there is a way to
> decrypt
> this user-password attribute since my radisu server is doign proxy to
> other radius server.
Huh? If you have a shared secret with the NAS, the proxy will
automatically decrypt it. There's nothing more that you need to do.
> my question is how much is risky to have user-passsword attribute
> travellign across
> the network ? is the encryption applyed to the user-password strong
> enough ?
It's good enough for most people.
Alan DeKok.
More information about the Freeradius-Users
mailing list