02-12-2018, 12:52 AM
(02-11-2018, 02:05 AM)ZerBea Wrote: I do not want capture this thread, but I have a question:
Do you have some informations about (free)RADIUS, specifically about the packet structure of the Attribute Value Pairs in the Access-Request Packet [User-Password encrypted(2) or CHAP-Password(3)].
I know this Password is encrypted using a MD5 chiffre (MD5 xor Password). The MD5 is calculated from secret share+random Authenticator - but i don't have any ideas about this secret share. Also I know the rfc2865 document.
We have this both fields (Authenticator and encrypted User Password) in an Access-Request Packet (and additionally a HMAC_MD5 over the complete Access-Request Packet).
I do not need an answer anymore as I found it:
A note on security: The security of the RADIUS protocol
depends COMPLETELY on this secret! We recommend using a
shared secret that is composed of:
- upper case letters
- lower case letters
- numbers
And is at LEAST 8 characters long, preferably 16 characters in
length. The secret MUST be random, and should not be words,
phrase, or anything else that is recognisable.
The default secret below is only for testing, and should
not be used in any real environment.
secret = testing123
I do not understand completely.
1. How would an easy shared secret be used to compromise the radius?
2. If I set a 16 character shared secret, will the hashes be harder to crack?
PS: i'm [very] new to cryptography, but I AM enjoying myself with great guys like you!