
List:       freeradius-users
Subject:    Re: radius user-password on the wire
From:       John Dennis <jdennis () redhat ! com>
Date:       2008-04-29 14:14:47
Message-ID: 48172D57.4020807 () redhat ! com

Riccardo Veraldi wrote:
> Hello,
> I used wireshark to sniff communication between my radius server and
> the user-password attribute is encrypted
>
> 0000   3e ca 2d b0 97 2b b3 f9 0c e9 fc e7 e0 ed e9 fd
> 
> 
> to test if this is strong enough I wanted to ask if there is a way to
> decrypt this user-password attribute since my radius server is doing
> proxy to other radius server.
>
> actually my radius server is authenticating a WiFi captive portal
> and is proxying requests upon username@domainname
>
> user attributes are stripped from domain and sent to proper radius server
>
> my question is how risky is it to have the user-password attribute
> travelling across the network? is the encryption applied to the
> user-password strong enough?

Some analysis in the document cited below; I can't comment on the
quality of the analysis or its conclusions, perhaps others might.

An Analysis of the RADIUS Authentication Protocol
http://www.untruth.org/~josh/security/radius/radius-auth.html

-- 
John Dennis <jdennis@redhat.com>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
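
Added example, not part of either message above: the User-Password hiding scheme from RFC 2865 section 5.2, and the unhide/re-hide step a proxy performs per hop, so it is clear that the attribute's secrecy rests on each hop's shared secret and that the proxy itself handles the cleartext. The secrets, authenticators and password are constructed sample values, and the function names are hypothetical.

```python
import hashlib

BLOCK = 16  # MD5 digest size; User-Password is hidden in 16-octet blocks


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), with c(0) = RA."""
    if not 1 <= len(password) <= 128 or len(authenticator) != BLOCK:
        raise ValueError("need 1..128 password octets and a 16-octet authenticator")
    padded = password + b"\x00" * (-len(password) % BLOCK)  # NUL-pad to 16n
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key))
        out += prev
    return out


def unhide_password(hidden, secret, authenticator):
    """Inverse operation; the key blocks can only be computed with the shared secret."""
    if (not hidden or len(hidden) % BLOCK or len(hidden) > 128
            or len(authenticator) != BLOCK):
        raise ValueError("malformed User-Password or authenticator")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")  # strip the NUL padding


def proxy_rehide(hidden, nas_secret, nas_auth, home_secret, new_auth):
    """Per-hop proxy step: recover the cleartext, then re-hide it for the next server.
    new_auth is the Request Authenticator of the forwarded packet."""
    cleartext = unhide_password(hidden, nas_secret, nas_auth)  # proxy sees the password
    return hide_password(cleartext, home_secret, new_auth)


# Constructed sample values (not taken from the capture quoted in the message).
NAS_SECRET, HOME_SECRET = b"nas-shared-secret", b"home-shared-secret"
NAS_AUTH, PROXY_AUTH = bytes(range(16)), bytes(range(16, 32))

if __name__ == "__main__":
    wire = hide_password(b"correct horse", NAS_SECRET, NAS_AUTH)
    print(len(wire), wire.hex())  # one 16-octet block, like the capture above
    fwd = proxy_rehide(wire, NAS_SECRET, NAS_AUTH, HOME_SECRET, PROXY_AUTH)
    print(unhide_password(fwd, HOME_SECRET, PROXY_AUTH))
```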