Authentication protocols that DO support hashed passwords
Alan DeKok
aland at deployingradius.com
Tue Nov 11 21:03:46 CET 2014
E.S. Rosenberg wrote:
> Since the hashing functions also exist on the client side what stops
> the protocols from basing the hash requested from the client on the
> _hash_ of the users' password?
They're not designed to do that.
This isn't a difficult concept. Protocols are defined to have a
certain behavior. You can't just randomly change the behavior, and
expect the same results.
All of the rest of your speculations are based on inexperience, and a
lack of understanding of how these protocols work. We're not the ones
who designed the protocols. We're not the ones who implemented the
Microsoft, Apple, etc. side of the protocols. We're just explaining to
you why your ideas won't work.
There's no point in discussing changes on this list. For one, you
don't know what changes to make, because you don't know how the
protocols work. For two, we don't control the protocol design or their
implementations.
Alan DeKok.
More information about the Freeradius-Users
mailing list