NTLM hashed passwords.

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jul 15 19:35:29 CEST 2016


> On Jul 15, 2016, at 1:20 PM, freeradius-users at latter.org wrote:
> 
> On 15/07/16 16:52, Arran Cudbard-Bell wrote:
>> No. All modern supplicants and authentication clients use MSCHAPv2.
> 
> Sounds promising.
> 
>> The most common applications are PEAPv0 and PPTP.
>> 
>> There's not a huge advantage in storing unsalted MD4 hashed passwords.
> 
> In terms of security?  It ticks the box marked "did the best we could".

No, the best you could would be to use EAP-TLS, because PEAP and TTLS are
horrifically insecure in their current OSX and Windows implementations.

> And it does protect those who use long passwords.

Not really; you just need to find a collision. The length of the password
doesn't matter for that type of attack.

It does stop an attacker using the collided password with another service;
that's about it.

-Arran