Does anyone know of any work that's been done on this?
I think the closest to what you ask is this:
http://www.untruth.org/~josh/security/radius/radius-auth.html
I'm not familiar with this protocol at all, but in briefly skimming
this paper and the description of the cipher, it seems
I'd look at the rfc before asking this.
You seem to be looking for application issue (overrun or parse issues)
which has nothing to do with the crypto. IIRC the password is padded up to
112 characters - Idr much more than that.
___
cryptography mailing
On Wed, Feb 4, 2015 at 5:22 AM, Thor Lancelot Simon t...@panix.com wrote:
Given how widely used the protocol is, and the failure of various successor
protocols (cute names and all -- TANGENT anyone?) I have always been
surprised
that the cipher seems not to have received any serious
http://www.untruth.org/~josh/security/radius/radius-auth.html
I'm not familiar with this protocol at all, but in briefly skimming
this paper and the description of the cipher, it seems like the
there's opportunity for padding oracle attacks, provided the server
somehow indicates (through
Thor Lancelot Simon t...@panix.com writes:
For at least 15 years there's been general grumbling that the MD5 based
stream cipher used for confidentiality in RADIUS looks like snake oil.
It's not snake oil, the MD5-based masking was created because it was
exportable. Proper crypto like DES
This is possibly old but there's a great analysis here:
http://www.untruth.org/~josh/security/radius/radius-auth.html
- Naveen
On Wed, Feb 04, 2015 at 08:22:03AM -0500, Thor Lancelot Simon wrote:
For at least 15 years there's been general grumbling that the MD5 based
stream cipher used for
For at least 15 years there's been general grumbling that the MD5 based
stream cipher used for confidentiality in RADIUS looks like snake oil.
Given how widely used the protocol is, and the failure of various successor
protocols (cute names and all -- TANGENT anyone?) I have always been surprised
On Wed, Feb 04, 2015 at 08:22:03AM -0500, Thor Lancelot Simon wrote:
For at least 15 years there's been general grumbling that the MD5 based
stream cipher used for confidentiality in RADIUS looks like snake oil.
Given how widely used the protocol is, and the failure of various successor