On 8/5/05, Paul Taylor <[EMAIL PROTECTED]> wrote: > While looking through the config.xml file to see if I could spot anything > unusual (to help me fix the last issue I posted about), I noticed the > FreeRadius config... > > The problem that I saw is that the passwords are stored in clear text. I > would think that the passwords should be at least base64encoded for storage, > so at least they would be as secure as the locally managed passwords, native > to pfSense and Monowall.
Actually, base64encoding would still be less secure (and as an application auditor, wouldn't provide more than another 10 seconds of delay in retrieving them) than local passwords which are one way hashed. I don't know anything about the FreeRadius package so I can't comment directly on what it requires or what the passwords it stores in our config.xml are supposed to resemble. It's an issue, I don't know how to fix it at this point as I've never even looked at that part of code. --Bill --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
