Adding additional password encryption options

Laurens Vets laurens at
Sun Sep 4 01:43:15 CEST 2016

Hi list,

>> Is it possible to add additional password encryption options to 
>> FreeRADIUS so that the user database can be used as a user/password 
>> store (For instance PBKDF2 or scrypt)?
> Yeah, some guy submitted code to do that, but it was awful.
>> When I look at "man rlm_pap", the amount of encryption options for 
>> passwords are limited when FreeRADIUS is your only user database. I'm 
>> creating a POC where users can register for an account to use certain 
>> services (accessible via radius authentication) and I'm trying to only 
>> use the FreeRADIUS mysql database as a backend to keep it simple, but 
>> the password encryption methods aren't considered secure by today's 
>> standards.
> What, salted SHA512 isn't considered secure by today's standards?
> If you don't mind providing some test output PBKDF2 I'll see if I can
> fix the code I have to not be terrible...

I'm using Python Passlib to generate the below output. The author of 
Passlib recommends using bcrypt, sha512_crypt or pbkdf2_sha512 in 
applications these days.

On Ubuntu: sudo apt-get install python-passlib python3-passlib

>>> from passlib.hash import bcrypt
>>> bcrypt.encrypt('password123')
>>> bcrypt.encrypt('password123', salt='G1gi54hD.9y4ws4Bcg94n.', rounds=12)

>>> from passlib.hash import pbkdf2_sha512
>>> pbkdf2_sha512.encrypt('password123')

Next version of Passlib (1.7) will have scrypt as well.

What's the digest for PBKDF2 used in the code you received?

Kind regards,
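
Passlib's pbkdf2_sha512 strings have the form $pbkdf2-sha512$rounds$salt$checksum, with salt and checksum in Passlib's adapted base64. The following standard-library Python is an added example, not part of the original message and not FreeRADIUS or Passlib code; it generates and verifies that format, and the rounds bounds and the sample salt are assumptions.

```python
import base64
import hashlib
import hmac

PREFIX = "$pbkdf2-sha512$"
DIGEST_LEN = 64                            # SHA-512 output size in bytes
MIN_ROUNDS, MAX_ROUNDS = 1000, 10_000_000  # assumed policy bounds, not from the thread

def ab64_encode(raw: bytes) -> str:
    """Passlib's adapted base64: '+' becomes '.', '=' padding is dropped."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def ab64_decode(text: str) -> bytes:
    """Inverse of ab64_encode: restore '+' and the padding, then decode."""
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)

def make_hash(password: str, salt: bytes, rounds: int) -> str:
    """Build a $pbkdf2-sha512$rounds$salt$checksum string."""
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return f"{PREFIX}{rounds}${ab64_encode(salt)}${ab64_encode(dk)}"

def verify(password: str, stored: str) -> bool:
    """Check a password against a stored hash, rejecting malformed fields."""
    if not stored.startswith(PREFIX):
        return False
    fields = stored[len(PREFIX):].split("$")
    if len(fields) != 3:
        return False
    rounds_s, salt_s, digest_s = fields
    if not (rounds_s.isascii() and rounds_s.isdigit()) or rounds_s[0] == "0":
        return False
    rounds = int(rounds_s)
    if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:   # cap work per login attempt
        return False
    try:
        salt, expected = ab64_decode(salt_s), ab64_decode(digest_s)
    except ValueError:                           # binascii.Error is a ValueError
        return False
    if len(expected) != DIGEST_LEN:              # refuse truncated checksums
        return False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)     # constant-time comparison

if __name__ == "__main__":
    sample = make_hash("password123", b"constructed-salt", 25000)  # constructed input
    print(sample, verify("password123", sample))
```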
