Hi, > there are obviously different kinds of encryption and as you mention with > out a key, decryption is not possible.
It's not only the question of a key, it's also a question of methods used. Given a hash value (often called "encrypted password"), you just can't get back to the clear text. > that leaves public key based encryption. so, poptop can > do ssl based encryption, > can that be utilized to encrypt the transport in much the same way https > encrypts http traffic? Actually, RADIUS supports an authentication protocol called EAP-TLS which essentially does just that. However, it requires eaach client to have a certificate and be able to verify the authentication servers certificate. Also client and server must support it. > does anyone know if pptpd decrypts > before it passes the string to freeradius for authentication? Sorry, that's exactly what I have been trying to explain: If you are using (MS-)CHAP, there is nothing which can be decrypted (the password is only used to compute/verify some hash value). Only if you are using PAP the password is contained in the authentication request and only then whatever server decrypts it (if it ever was encrypted) and reencrypts it in a different way to send it to the radius server. > just pass on the encrypted stream and thus tries > to compare the mschapv2 encrypted stream with a md5 encrypted unix password? > which lead to alan's response of "it won't work and never will". If you're using (MS-)CHAP, "challenge" and "response" will be passed on to the server, but to verify that the response matches the challenge, you do _need_ the clear text password. And since it's impossible to "decrypt" to "encrypted unix passwords" (which really are "hashed passwords"), there's no way to make this work. In short: You can either use (MS-)CHAP and store cleartext passwords on the server (to be able to check that challenge and response do match) or you can use PAP (i.e. transfer "cleartext" passwords when authenticating) and e.g. check if the password has the correct hash value stored on the server (e.g. an MD5-hash or a Unix hash). [ For completness: In the particular case of MS-CHAP, the first step in verification of challenge/response is an encryption of the password, so it's sufficient to store that intermediate result on the server (LM-Password and NT-Password), but OTOH, that's also all an attacker needs to know, so there's no real benefit in storing those in place of the real password.] HTH, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html