Secure Storage and Transport of User Credentials
Marco Macala
marco.macala at gmail.com
Wed Jul 11 15:04:58 CEST 2012
> if you don't trust the network then you will also need to look at using TLS to transport
> things around - e.g. RADSEC or a VPN tunnel.
Isn't the point of PEAP that I don't need them because it is wrapped in an
encrypted communication?
> as for NT hash - yes, there are security issues but only if you have access to them
> or expose them - if you bind the FreeRADIUS system to an AD and use e.g. ntlm_auth then the NThash
> isn't accessed.
The thing is, I can't use AD to store the passwords. Specifically, I would
like to store the password as a salted hash.
I want something like this:
- encrypted channel between authenticator and radius server
- passwords stored as a salted hash
2012/7/11 alan buxey <A.L.M.Buxey at lboro.ac.uk>
> Hi,
> > The problem is, that I do not trust the network and I don't want to store
> > the password in plain.
> > Also, isn't the NT Hash insecure because it is easily cracked? Or am I
> > mixing things up?
>
> if you don't trust the network then you will also need to look at using TLS to transport
> things around - e.g. RADSEC or a VPN tunnel.
>
> as for NT hash - yes, there are security issues but only if you have access to them
> or expose them - if you bind the FreeRADIUS system to an AD and use e.g. ntlm_auth then the NThash
> isn't accessed.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>