On 16/05/13 14:27, Sergii Bieliaievskyi wrote:
2013/5/16 Alan DeKok <[email protected]>
Sergii Bieliaievskyi wrote:
> This is so frustrating :(
> How can it be possible to do strong security using reliable passwords
> and to have no encryption at the same time?
I think you misunderstand the issues.
OTP passwords were created so that it doesn't *require* that the
password be hidden.
Systems like MSCHAP were created so that the passwords could be used
many times, because they're hashed.
The two systems are *designed* to be incompatible.
But only ms-chap supports data encryption. I want to use OTP and MPPE
simultaneously. But MPPE without ms-chap can't exist. Am I right?
No.
MPPE requires encryption keys. These can be generated by whatever auth
method.
If you use plain MSCHAP, MSCHAP generates them.
If you use PEAP/MSCHAP, PEAP generates them - the MSCHAP MPPE keys are
thrown away, and not used.
If you use PEAP/GTC, again PEAP generates the MPPE keys.
If you use TTLS/PAP, TTLS generates the MPPE keys.
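
Added example, not part of the original thread and not FreeRADIUS code: how a TLS-based outer method (PEAP, TTLS) derives the MPPE keys from the TLS session alone, so the inner method (GTC, PAP, an OTP) contributes nothing to them. It assumes the TLS 1.0/1.1 PRF from RFC 2246 and the key labels from RFC 5216 and RFC 5281; the master secret and randoms are constructed sample values.

```python
import hashlib
import hmac

# Key labels: RFC 5216 (EAP-TLS, also used by PEAPv0) and RFC 5281 (EAP-TTLS).
LABELS = {
    "PEAP": b"client EAP encryption",
    "TTLS": b"ttls keying material",
}

def p_hash(digest, secret, seed, length):
    """P_hash expansion from RFC 2246 section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0/1.1 PRF: P_MD5 over the first half XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2
    md5_part = p_hash(hashlib.md5, secret[:half], label + seed, length)
    sha_part = p_hash(hashlib.sha1, secret[-half:], label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))

def mppe_keys(method, master_secret, client_random, server_random):
    """Return (MS-MPPE-Recv-Key, MS-MPPE-Send-Key) derived from the outer TLS tunnel.

    Note what is absent from the arguments: the user's password or OTP.
    """
    seed = client_random + server_random
    msk = tls10_prf(master_secret, LABELS[method], seed, 64)
    return msk[:32], msk[32:]   # MSK(0,31) and MSK(32,63), per RFC 5216

# Constructed sample values; a real session takes these from the TLS handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    for method in LABELS:
        recv, send = mppe_keys(method, MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
        print(method, "recv", recv.hex(), "send", send.hex())
```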