[EMAIL PROTECTED] wrote:
> Hmm, it's interesting that the key length is an issue - I guess we
> _could_ have a much larger number with no real issue...but would
> that actually gain anything security-wise? I also note that MANY
> NAS devices have much smaller maximum shared secrets (memory is
> precious I guess..) e.g. only 16 characters in length!

  Yup.

  MD5 has been pretty much broken.  Many RADIUS secrets can be cracked
in a few minutes.  Shared secrets should be as long as you can make
them, and include upper/lowercase letters, numbers, etc.  That gives
(26+26+10)^16, or about 2^95 possibilities.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
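
The keyspace arithmetic from the reply above, worked through as an added example that is not part of the original message or of FreeRADIUS. The function names, the `NAS_MAX_LEN` constant and the sample secret are constructed for illustration; the audit goes slightly beyond the post by reporting which character classes an existing secret lacks.

```python
import math
import secrets
import string

# Character classes from the post: 26 upper + 26 lower + 10 digits = 62.
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "digits": string.digits,
}
ALPHABET = "".join(CLASSES.values())
NAS_MAX_LEN = 16  # assumption: the 16-character NAS limit from the quoted text


def keyspace_bits(alphabet_size, length):
    """log2 of the number of secrets when every character is chosen uniformly."""
    return length * math.log2(alphabet_size)


def generate_secret(length=NAS_MAX_LEN):
    """Draw each character independently from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_secret(secret, max_len=NAS_MAX_LEN):
    """Report an estimate of keyspace bits and what the secret is missing.

    The estimate assumes random characters, so a word or pattern is far
    weaker. Characters outside the three classes are not counted.
    """
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in secret)]
    pool = sum(len(CLASSES[name]) for name in used)
    findings = []
    if len(secret) < max_len:
        findings.append(f"only {len(secret)} of {max_len} usable characters")
    for name in CLASSES:
        if name not in used:
            findings.append(f"no {name} characters")
    bits = keyspace_bits(pool, len(secret)) if pool else 0.0
    return {"upper_bound_bits": bits, "findings": findings}


if __name__ == "__main__":
    print(f"62^16 is about 2^{keyspace_bits(len(ALPHABET), NAS_MAX_LEN):.1f}")
    print(generate_secret())
    print(audit_secret("testing123"))  # constructed sample secret
```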
