sha128 or sha256 support?

Honglak Kim honglak_kim at yahoo.com
Thu May 27 17:15:52 CEST 2021


 Hello Alan,
 Probably I am wrong but per my understanding from the  "Alan DeKok"'s previous comment, the secret set between the RADIUS and the NAS is always used for the encryption of the user password regardless it is a plain-text or SHA1 encrypted.   Basically the encryption of the packets between the RADIUS and the NAS seems nothing to do with the way of the password store either plain-text or SHA1 in the authorize file.  

My question was how secure the password encryption(based on the secret)  in the in-flight packets was if the communication between the RADIUS and the NAS was via the internet.  Since it is MD5, it seems not secure enough to send the request datagrams over the internet.

Do we have any documents of Radsec or EAP for its actual installation over FreeRadius ?
Thanks a lot,Paul




    On Thursday, May 27, 2021, 1:47:55 AM PDT, Alan Buxey <alan.buxey at gmail.com> wrote:  
 
 hi,

Are you sending plain text passwords?  if worried about the RADIUS
datagram being sniffed and attacked then maybe EAP or RADSEC is the
way to go...

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html  


More information about the Freeradius-Users mailing list