Of accounting data and security
Natr Brazell
natrbrazell at gmail.com
Mon Aug 9 14:39:41 CEST 2010
Curious why we're fortunate? Could you elaborate some?
On Sun, Aug 8, 2010 at 10:01 PM, Michael Lecuyer <mjl at iterpacis.org> wrote:
> TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+
> version, and packet sequence number. This is XOR'd over the packet. The pad
> is in multiples of the MD5 hash length.
>
> The header is sent plain text and includes the sequence number, the session
> ID and version number.
>
> Encoding and decoding are symmetrical. It is not considered strong
> encoding.
>
> We're all fortunate RADIUS doesn't use this to encode packets.
>
> Natr Brazell wrote:
>
>> Thanks,
>> I'm looking into IPSEC at the moment. I'm curious how TACACS+ does their
>> encryption?
>> N
>>
>> On Fri, Aug 6, 2010 at 4:09 PM, Alan DeKok <aland at deployingradius.com> wrote:
>>
>> Natr Brazell wrote:
>> > Is there a way to secure the communication between the radius server and
>> > the NAS especially wrt accounting data?
>>
>> IPSec.
>>
>> Most NASes implement IPv4, and not much else. "Security" means "don't
>> run RADIUS over a network where users have access".
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
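The pad construction described in the quoted message above, as an added example that is not part of the original thread or of any TACACS+ implementation: it builds the chained MD5 pad, XORs it over a packet body, and shows that the same call decodes and that an altered byte decodes without any error. The field widths and the chaining of each MD5 block into the next follow the published TACACS+ specification (RFC 8907); the key, session ID and accounting body are constructed sample values.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Chain MD5 blocks until the pad covers `length` bytes, then truncate."""
    # Hash input: 4-byte session ID, shared secret, 1-byte version, 1-byte sequence number.
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        # Every block after the first also hashes the previous block.
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the pad over the body. The same call encodes and decodes."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo() -> dict:
    # Constructed sample values, not taken from any real deployment.
    key = b"constructed-shared-secret"
    session_id, version, seq_no = 0x1A2B3C4D, 0xC0, 1
    body = b"task_id=42 elapsed_time=0360"  # 28 bytes, so two MD5 blocks are needed

    wire = obfuscate(body, session_id, key, version, seq_no)
    decoded = obfuscate(wire, session_id, key, version, seq_no)

    # The pad carries no integrity check: a byte changed on the wire
    # decodes to a changed byte in the body and nothing flags it.
    altered = bytearray(wire)
    altered[-1] ^= 0x01
    decoded_altered = obfuscate(bytes(altered), session_id, key, version, seq_no)

    return {
        "round_trip_ok": decoded == body,
        "decoded_altered": decoded_altered,
    }


if __name__ == "__main__":
    print(demo())
```

Because the pad offers confidentiality only, and weakly, the accounting record in the example changes from `0360` to `0361` undetected, which is the practical reason the thread points to IPsec for protecting the link.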