AES encrypted passwords
stefan.winter at restena.lu
Fri Sep 30 15:57:37 CEST 2016
Am 30.09.2016 um 12:09 schrieb Dom Latter:
> On 29/09/16 17:57, Bogdan Rudas via Freeradius-Users wrote:
>> Hello Dom,
>> Why don't you go with EAP-TTLS+PAP ? Plain-text password transferred over
>> TLS-secured channel let you use any hashing algorithm you want in your
> As far as I can work out, out-of-the-box support for this protocol only
> arrived for most things in about 2010. We'll have quite a lot of users
> still using machines older than that. I suspect that for commercial
> reasons, it's not an option. I can ask.
>> database. Sure, you have to pay attention for proper device
>> configuration with your CA certificate.
> Do you mean a certificate needs to go on the device?
> I have had a look at this:
> for example and it does not look like a certificate *needs* installing.
You didn't read this yet, did you? Section "User Device Configuration":
No CA checks means all your passwords are up for grabbing for everyone
with a glimpse on Enterprise Wi-Fi.
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the Freeradius-Users