Advice on RADIUS security and MD5 encryption?
Alan DeKok
aland at deployingradius.com
Thu Feb 24 15:08:39 UTC 2022
On Feb 24, 2022, at 4:39 AM, Ole Holm Nielsen via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> We're using the pam_radius module for SSH login authentication on a CentOS 7 server. Our university's RADIUS server is a Microsoft Windows server. This seems to work well.
>
> Some of my colleagues are wary about using RADIUS for authentication because the network traffic is encrypted with the obsolete MD5 algorithm.
The real question is: "Has anyone broken the encryption method used by RADIUS?"
The answer is "no".
> I would like to understand if this is a relevant objection or not for the present case.
It's not relevant.
> The Wikipedia article https://en.wikipedia.org/wiki/RADIUS does raise some security concerns.
Anyone can edit Wikipedia. It doesn't really mean anything.
> Question: When the user's password hash is transmitted across the network, how secure is the password from decryption by eavesdroppers?
If you have a shared secret of "hello", it's easy to crack.
If the shared secret is "284nv82fskljhfw9yf2hfjb3fjgf8gb83bg", then no one will be able to crack it.
> Are there any good articles on RADIUS security?
Not really.
In short, it's fine.
Alan DeKok.