> > Does anyone know of any work that's been done on this? > > I think the closest to what you ask is this: > > http://www.untruth.org/~josh/security/radius/radius-auth.html
I'm not familiar with this protocol at all, but in briefly skimming this paper and the description of the cipher, it seems like the there's opportunity for padding oracle attacks, provided the server somehow indicates (through timing or otherwise) whether the 0 padding is valid. tim _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography