Hi,

> You must have missed the information in RFC 2865 (RADIUS), which is also 
> a Fine Manual.  The PAP password is XOR'd with the MD5 hash of the 
> shared secret and the authenticator.

Yes, that's a bit clearer than saying "the password is hashed", since it
also shows that the process is reversible and you can easily obtain the
cleartext password from the "obfuscated" password.

> You've been reading about the protocol prior to the RADIUS client's
> involvement. The same thing applies to CHAP, just to head you off.

No, not quite. Here, the password is (essentially) used as a key to compute
the hash value of a challenge. Most notably, this means you (or the server)
have no way whatsoever to get back to the clear text password from what is
transmitted to the server.

        Regards,
                Stefan  



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html