Salted Sha512?

Robert Graham robert_graham at
Thu Jan 15 01:55:25 CET 2015

Matt / Development Team,

Would it be possible to integrate Salted SHA-512 into freeradius. I did
speak with our contact with the PCI Compliance team and they are saying
that the information has to be SHA-512/Salted... In the next few years
they are talking about SHA-3 if it gets finalized.

I would really appreciate if someone on the team could do this :)

Robert Graham
Network Engineer
U-Haul International
2727 N. Central Ave
Phoenix, AZ 85004

FreeRadius users mailing list <freeradius-users at>
>On Mon, Jan 12, 2015 at 04:29:27PM -0700, Robert Graham wrote:
>> This is what I have but yet I know it is incorrect. I dont want to use
>> groups, it is strictly for someone to logon to our vpn and wireless
>> connections. The passwords are stored in SHA-512 with Salt and
>Just be aware that if your passwords are SHA-512 you're limiting
>wireless authentication to something that involves PAP (e.g.
>EAP/TTLS-PAP), which e.g Windows<8.0 doesn't support natively.
>Then you're down to something like Arran suggested
>in inner-tunnel authorize:
>update control {
>  SHA2-Password := "%{sql:SELECT password FROM table WHERE ...}"
>Matthew Newton, Ph.D. <mcn4 at>
>Systems Specialist, Infrastructure Services,
>I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>For IT help contact helpdesk extn. 2253, <ithelp at>
>List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list