Hi! I have a smart card emluator which suports AES, not MD5 encryption algorithm. Is it possible to enable Freeradius to support my smart card emlulator? I have an idea as follow: First,amending client agent (NAS) daemon program to make it send chap-password which is produced with AES, not MD5. The usual md5 chap-password is produced as MD5( user-packet-ID+user-secret+16 bytes authenticator), while the aes chap-password is produced as AES(16 bytes authenticator) using user-secret as key.The usual md5 chap-passwor attribute in an Access Request packet is as follow: __________________________________________________
| code = 3 | Length = 19 | user-packet-ID | 16 bytes value| __________________________________________________ While the aes chap-password replaced the 16 bytes value ( MD5( user-packet-ID+user-secret+16 bytes authenticator)) with AES(16 bytes authenticator). Second ,amending rlm-chap.c to alter it to use AES to analyze the request packet. Is it practical? Appreciate any suggestions. regards Guoxian
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html