radius user-password on the wire
John Dennis
jdennis at redhat.com
Tue Apr 29 16:14:47 CEST 2008
Riccardo Veraldi wrote:
> Hello,
> I used Wireshark to sniff communication between my radius server and
> the user-password attribute is encrypted
>
>
> 0000 3e ca 2d b0 97 2b b3 f9 0c e9 fc e7 e0 ed e9 fd
>
>
> to test if this is strong enough I wanted to ask if there is a way to
> decrypt
> this user-password attribute since my radius server is doing proxy to
> other radius server.
>
> actually my radius server is authenticating a WiFi captive portal
> and is proxying requests upon username at domainname
>
> user attributes are stripped from domain and sent to proper radius server
>
> my question is how risky is it to have the user-password attribute
> travelling across
> the network? is the encryption applied to the user-password strong
> enough?

Some analysis in the document cited below; I can't comment on the
quality of the analysis or its conclusions, perhaps others might.

An Analysis of the RADIUS Authentication Protocol
http://www.untruth.org/~josh/security/radius/radius-auth.html
--
John Dennis <jdennis at redhat.com>