On Wed, Jan 30, 2002 at 08:21:26AM +0100, [EMAIL PROTECTED] wrote: > RADIUS uses UDP for data transport. Only password is encrypted.
>From what I know, the password is only lightly "encrypted", XORed with the MD5 hash of the RADIUS secret! So if you have a reasonable guess of what a password might be, or if you know even only one password, the entire scheme falls apart if it is possible for you to sniff the data stream. Of course, if the network segment the RADIUS server is located in is trusted, RADIUS should be good enough. -- Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311 Programmer, Inter.Net Philippines +63(917) 4458925 http://dido.ph.inter.net/ OpenPGP Key ID: 0x5CDA17D8 Heute die Welt und Morgen das Sonnensystem!
