PAP and clear text
chuck at cslate.net
Mon Sep 19 18:33:49 CEST 2005
Thanks to all whom replied for your insight and direction.
On Fri, 2005-09-16 at 20:10, Stefan.Neis at t-online.de wrote:
> > You must have missed the information in RFC 2865 (RADIUS), which is also
> > a Fine Manual. The PAP password is XOR'd with the MD5 hash of the
> > shared secret and the authenticator.
> Yes, that's a bit clearer than saying "the password is hashed", since it
> also shows that the process is reversible and you can easily obtain the
> cleartext password from the "obfuscated" password.
> > You've been reading about the protocol prior to the RADIUS client's
> > involvment. The same thing applies to CHAP, just to head you off.
> No, not quite. Here, the password is (essentially) used as a key to compute
> the hash value of a challenge. Most notably, this means you (or the server) have
> no way whatsoever to get back to the clear text password from what is transmitted
> to the server.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users