Curious why we're fortunate? Could you elaborate some? On Sun, Aug 8, 2010 at 10:01 PM, Michael Lecuyer <[email protected]> wrote:
> TACACS+ uses an MD5 pad based on the session ID, shared secret, TACACS+ > version, and packet sequence number. This is XOR'd over the packet. The pad > is in multiples of the MD5 hash length. > > The header is sent plain text and includes the sequence number, the session > ID and version number. > > Encoding and decoding are symmetrical. It is not considered strong > encoding. > > We're all fortunate RADIUS doesn't use this to encode packets. > > Natr Brazell wrote: > >> Thanks, >> I'm looking into IPSEC at the moment. I'm curious how TACACS+ does their >> encryption? >> N >> >> On Fri, Aug 6, 2010 at 4:09 PM, Alan DeKok <[email protected]<mailto: >> [email protected]>> wrote: >> >> Natr Brazell wrote: >> > Is there a way to secure the communication between the radius >> server and >> > the NAS especially wrt accounting data? >> >> IPSec. >> >> Most NASes implement IPv4, and not much else. "Security" means "don't >> run RADIUS over a network where users have access". >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> >> >> ------------------------------------------------------------------------ >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
