Discussion:
How secure is the radius encryption
Thomas Glanzmann
2012-04-03 17:04:27 UTC
Permalink
Hello,
I wonder if the radius encryption between radius client and radius is
secure enough if you choose a decent password like the following:
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a('
Or if someone should always protect the connection between radius client
to radius server using ipsec or some other VPN software like for example
openvpn? I don't want to do radius over the internet but in a coporate
intranet. However I want also to absolutly sure that noone is reading my
pap passwords on the wire between radius client and radius server.

Cheers,
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok
2012-04-04 06:54:46 UTC
Permalink
Post by Thomas Glanzmann
I wonder if the radius encryption between radius client and radius is
No one knows.

The method RADIUS uses isn't encryption. It's more technically called
"obfuscation" in the crypto world. The reason is that it's not normal
encryption like AES or DES. So no one knows what it is.
Post by Thomas Glanzmann
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a('
Or if someone should always protect the connection between radius client
to radius server using ipsec or some other VPN software like for example
openvpn? I don't want to do radius over the internet but in a coporate
intranet. However I want also to absolutly sure that noone is reading my
pap passwords on the wire between radius client and radius server.
It's secure enough for the local intranet.

I'd also suggest putting the traffic onto a management VLAN. That
helps, too.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jason Rohm
2012-04-04 07:31:30 UTC
Permalink
The passwords are weakly encrypted using a mechanism that is basically an
XOR of the password and an MD5 hash of the request authenticator and the
shared secret.

It is not reasonably feasible to reverse the encryption from a single
packet without knowing the shared secret. However, since the request
authenticator and the username are readable in the packet, it is
theoretically possible to reverse engineer the shared secret if someone
would capture enough successful logins from the same user, on the same NAS,
using the same password. Once the shared secret was compromised, all
requests to/from that NAS could be decrypted.

To limit your exposure, use a strong shared secret that is unique on each
NAS.
Enforce password expiration and uniqueness on user accounts.
Change your shared secrets periodically and protect them like any other
'superuser' password.
Limit the physical exposure of the transaction by using local radius
servers and/or link level encryption on the WAN.

All of these suggestions limit the number of packet an intruder can use to
attack your encryption and the window that a compromise would be useful.

Depending on the size of your network, it may be worth your time to deploy
radsec. There are very few clients that currently support the draft
standard, but I've had great success deploying localized proxies to convert
standard UDP radius to TCP/TLS encrypted radius.

Thanks,

Jason
Post by Thomas Glanzmann
Hello,
I wonder if the radius encryption between radius client and radius is
'O([G6krj\9[9FN#GVn(/|9+8h5vq2!W*J:OrA;2Uvk1G&*z~-6'emgQV 2X5iD>a('
Or if someone should always protect the connection between radius client
to radius server using ipsec or some other VPN software like for example
openvpn? I don't want to do radius over the internet but in a coporate
intranet. However I want also to absolutly sure that noone is reading my
pap passwords on the wire between radius client and radius server.
Cheers,
Thomas
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Thomas Glanzmann
2012-04-04 07:49:22 UTC
Permalink
Hello Jason,
Post by Jason Rohm
The passwords are weakly encrypted using a mechanism that is basically
an XOR of the password and an MD5 hash of the request authenticator
and the shared secret.
thanks for the thorough explanation, I'll go with IPSEC or openvpn. I
recall reading in Bruce Schneiers book 'Secret and lies' that xor is
only secure if you use the key only once, so it is very easy to break it
if you see enough traffic, probably also with different usernames.

Cheers,
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok
2012-04-04 07:57:30 UTC
Permalink
Post by Thomas Glanzmann
thanks for the thorough explanation, I'll go with IPSEC or openvpn. I
recall reading in Bruce Schneiers book 'Secret and lies' that xor is
only secure if you use the key only once, so it is very easy to break it
if you see enough traffic, probably also with different usernames.
No.

This is why you leave crypto to the experts.

The above explanation is based on a superficial understanding "xor is
bad", without also knowing how the RADIUS "encryption" method works.

The people who designed RADIUS aren't complete idiots, they do NOT use
the same key to encrypt passwords for different usernames.

I do *not* want misinformation to be spread on this list.

For NAS to RADIUS server communication, IPSec is probably overkill.
The NAS doesn't do IPSec, so you still have "insecure" traffic between
the NAS and the local IPSec gateway. All of this traffic is on a local
intranet. So... you might as well just use plain RADIUS.

Pick a strong shared secret, and don't worry about it.
Over-complicating things means that your network is more fragile, and
less likely to work.

The main use for IPSec in RADIUS is for long-haul links. e.g. across
the Internet, or between multiple campuses of a company.

Don't over-think the problem.

And as always, be careful before ignoring the advice on this list.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Continue reading on narkive:
Loading...