On 06/28/2011 10:25 AM, Nico Williams wrote:
> But doesn't the AAA server get the password in the clear?

Not in cases like MS-CHAPv2. Most shops seem to "require" the use of it, having thrown out classic RADIUS "PAP" along with MS-CHAPv1.

> If so the server can make it right.

Define 'right' when the guy on the other end of the wire was written with an older, underspecified version of the spec. Or even with the current one.

> It's protocols that use PBKDFs on clients that get into trouble (think of DIGEST-MD5, SCRAM, Kerberos, any ZKPPs...
Yeah.

- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
