Thanks to all who replied for your insight and direction.
Regards,
Chuck

On Fri, 2005-09-16 at 20:10, [EMAIL PROTECTED] wrote:
> Hi,
>
> > You must have missed the information in RFC 2865 (RADIUS), which is also
> > a Fine Manual. The PAP password is XOR'd with the MD5 hash of the
> > shared secret and the authenticator.
>
> Yes, that's a bit clearer than saying "the password is hashed", since it
> also shows that the process is reversible and you can easily obtain the
> cleartext password from the "obfuscated" password.
>
> > You've been reading about the protocol prior to the RADIUS client's
> > involvement. The same thing applies to CHAP, just to head you off.
>
> No, not quite. Here, the password is (essentially) used as a key to compute
> the hash value of a challenge. Most notably, this means you (or the server)
> have no way whatsoever to get back to the clear text password from what is
> transmitted to the server.
>
> Regards,
> Stefan
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

