Use of SHA1 with RADIUS server

Logeswari Viswanath logi85 at gmail.com
Wed Jan 25 05:23:01 CET 2017


Sorry, for an incomplete question.

What i meant was "Does freeradius use SHA1 for hashing the challenge and
generating authenticator response in case of MSCHAP2 authentication?" If
yes, is there a plan to replace it with SHA2 due to SHA1 deprecation? Will
the RFC 2759 be updated for the same?


On Tue, Jan 24, 2017 at 8:18 PM, Alan DeKok <aland at deployingradius.com>
wrote:

>
> > On Jan 24, 2017, at 9:40 AM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
> wrote:
> >
> >> server code itself. I have to admit I've got no idea what the question
> >> really is about though.
> >
> > Hashing support? ;-)
>
>   Open-ended questions like that just confuse me.  A better question is
> "Does FR support SHA2 *for a particular purpose*".
>
> > Oh, and apparently (if I read rlm_expr.c correctly), FR *does* support
> SHA2 in the expression engine... any OpenSSL EVP_MD digest is supported
> (see line 1008 and beyond).
> >
> > In the code that means SHA256 and SHA512 (according to mod_bootstrap
> anyway).
>
>   Yes.  Lots of support for SHA2 for *multiple purposes*.  Password
> comparisons, etc.
>
>   Otherwise, a bad answer to the bad question would be "Yes, FreeRADIUS
> supports SHA2".
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>


More information about the Freeradius-Users mailing list