Authentication protocols that DO support hashed passwords

Stefan Winter stefan.winter at restena.lu
Thu Nov 13 17:20:19 CET 2014


Hi,

>> There's mention on the janet/eduroam site about EAP-PWD being used with salted hashes: https://community.ja.net/groups/eduroam/document/eap-pwd-moving-towards-deployable-standard.
>>
>> Did anything come of that?
> It's an RFC... http://tools.ietf.org/html/rfc5931 :-)
>
> But yeah... if no supplicant supports it (wpa_supplicant does), it's not going anywhere... :-/

That's very incorrect. There's a supplicant for Windows, and even
Android exposes it in it's UI (by virtue of having wpa_supplicant in the
backend).

There's a new I-D to allow salted hashes (as opposed to "only" hashes in
its first version).

It's true that it has not been exposed much, the main and only argument
being "the crypto is complex and has not been tested enough by
cryptographers". IMHO, cryptopgraphy researchers should GET GOING and
evaluate it instead of complaining that their community hasn't evaluated
it enough yet.

BTW, eduroam CAT and https://802.1x-config.org support EAP-pwd for
Windows (we ship the supplicant in the Windows CAT installer).

Greetings,

Stefan Winter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3248 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141113/603f6094/attachment.key>


More information about the Freeradius-Users mailing list