shared-secret

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Jan 31 23:52:01 CET 2011


Hi,

> freeRadius seems to have a 32 character limit on the length of the shared-secret.  Is there any way to override that or use a longer shared-secret?

there have been discussions about this in the past.  at the time, common 
length was 16 char.... 32 is big..and with Message-Authenticator added
into the mix you can get quite secure... but if you are being paranoid
then RADIUS o/ TLS (aka RADSEC) is the way to go.... FR doesnt yet do RADSEC
natively - RADSecProxy would be the answer... 

you you could think that XOR is still safe with bigger numbers..in which case,
changes could be made...but that presumes that other RADIUS servers
which can TAKE longer secrets actually honour those lengths and dont just
truncate them 

alan



More information about the Freeradius-Users mailing list