Mikrotik Dissconect

Alan DeKok aland at deployingradius.com
Thu Jun 10 16:39:50 CEST 2010

f0rud wrote:
> Thats the problem, version 1.1.8 have no problem!(This time I check this
> myself. with the code from download page.)

  OK... you haven't said which version of FreeRADIUS you're using.  Let
me guess: it's not 2.1.9.

>>> I see the code for another messages (for ex: PW_AUTHENTICATION_REQUEST)
>>> you just ignore the code,
>>   Uh... no.  It does not do that.
> So check this at radius.c about line 2110

  <sigh>  Please read the text you post to the list.

> 			/*
> 			 *	The authentication vector is random
> 			 *	nonsense, invented by the client.
> 			 */

  What do you think that means?

> and after this break, the function return 0 that means OK , so where the
> code take care of this messages digest?

  It doesn't.  It's not *supposed* to.  Read the RFCs.

> This timing attack (I read the comment on the code) so bypassing this
> function (rad_verify) means some one can do this attack,

  Nonsense.  The timing attack is being able to tell the difference
between comparing 8, or 16 bytes for equality. "Bypassing the function"
means it always compares *zero* bytes for equality.

  How do you do a timing attack by telling the difference between
comparing zero, or zero bytes for equality?  The answer is: you don't.

> and If yo don't
> believe me, check the code, any PW_AUTHENTICATION_REQUEST package will
> pass this function. 
> so what difference, and why this pass exist at all when there is some
> exception?

  I suggest reading the code *and* the RFCs before leaping to conclusions.

  Alan DeKok.

More information about the Freeradius-Users mailing list