Salted SHA security

Alan DeKok aland at
Mon Feb 23 22:33:20 CET 2015

On Feb 23, 2015, at 3:48 PM, Robert Graham <robert_graham at> wrote:
> How does the authentication for the Salted SHA-512 get handled?


> Yes, I know you can pull the hashed/salted password from a sql database or
> locally, but how does the FreeRadius server compare the users input
> password which would only be the first 64 bytesand the rest being the
> salt, when the user has only entered in their username and password at the
> prompts (I.E. mobile devices or laptops). Doesnt the server need to have
> the users password and salt to be able to compare the pulled password with
> the entered in password?

  Please use standard terminology.  That makes it easier to understand.

  The SSHA-Password is then password taken from (e.g.) a database.  It’s called “SSHA” password because it contains a salt, and a SHA hash of the salt and the password.

  The User-Password is what the user entered when they tried to log in.

  You can compare the two by doing a SHA hash of the salt and User-Password.  If the result is the same as the SSHA-Password, then the User-Password is correct.  Otherwise, it’s not.

> If I use radtest everything works just fine locally, but once PEAP is
> integrated into the mix, it fails (i.e. laptop,cell phone). Am I reading
> the protocol compability matrix incorrectly then?

  I have no idea.  You’re not saying what part of the matrix you’re reading, or what conclusions you draw from it.

  In short, PEAP is incompatible with salted passwords.  SMD5, SSHA, SSHA512, etc.  None of them will work with PEAP.

  Alan DeKok.

More information about the Freeradius-Users mailing list