Adding additional password encryption options
laurens at daemon.be
Sun Sep 4 01:43:15 CEST 2016
>> Is it possible to add additional password encryption options to
>> FreeRADIUS so that the user database can be used as a user/password
>> store (For instance PBKDF2 or scrypt)?
> Yeah, some guy submitted code to do that, but it was awful.
>> When I look at "man rlm_pap", the amount of encryption options for
>> passwords are limited when FreeRADIUS is your only user database. I'm
>> creating a POC where users can register for an account to use certain
>> services (accessible via radius authentication) and I'm trying to only
>> use the FreeRADIUS mysql database as a backend to keep it simple, but
>> the password encryption methods aren't considered secure by today's
> What, salted SHA512 isn't considered secure by todays standards?
> If you don't mind providing some test output PBKDF2 i'll see if I can
> fix the code I have to not be terrible...
I'm using Python Passlib to generate the below output
(https://pypi.python.org/pypi/passlib). The author of Passlib recommends
to use bcrypt, sha512_crypt or pbkdf2_sha512 in applications these days.
On Ubuntu: sudo apt-get python-passlib python3-passlib
>>> from passlib.hash import bcrypt
>>> bcrypt.encrypt('password123', salt='G1gi54hD.9y4ws4Bcg94n.',
>>> from passlib.hash import pbkdf2_sha512
Next version of Passlib (1.7) will have scrypt as well.
What's the digest for PBKDF2 used in the code you received?
More information about the Freeradius-Users