Reversibly encrypted passwords in SQL

2006-10-09 Thread Stefan Winter
Hello,

is there any way of using reversibly encrypted passwords together with a mySQL 
backend? Currently, our passwords are stored as User-Password in clear text. 
I'd like to move on to using something like

Crypt-Password := {algo-prefix}blablabla

with an algorithm that encrypts reversibly. I failed to see a list of 
supported algorithms in the docs, a pointer would be nice...

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Research & Development Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Reversibly encrypted passwords in SQL

2006-10-09 Thread Jan Mulders

I'd also like to do this - although non-reversible encryption (like
MD5) would suit us - e.g., password is encrypted in the table, and is
encrypted and compared when a user's password is checked.

How is encryption meant to be done in the MySQL module at all?

Jan



Re: Reversibly encrypted passwords in SQL

2006-10-09 Thread Rob Shepherd

Jan Mulders wrote:

> I'd also like to do this - although non-reversible encryption (like
> MD5) would suit us - e.g., password is encrypted in the table, and is
> encrypted and compared when a user's password is checked.
>
> How is encryption meant to be done in the MySQL module at all?



You could use NT-hash from the NT/LM hash codes.

NT-Password := [32 hex chars in lowercase]

Then use something which likes NT hashing, such as MSchapv2 or a PAP 
instance configured to do NT-hashing... like so


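modules {
    # rlm_pap instance named "nthashpap"; the module name is lowercase
    pap nthashpap {
        # hash the supplied password as an NT hash before comparing
        encryption_scheme = nt
    }
}

and subsequently...

authenticate {
    Auth-Type PAP {
        nthashpap
    }
}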

Cheers

Rob


--
Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST
rob gets mail at techniumcast.com


Re: Reversibly encrypted passwords in SQL

2006-10-09 Thread Alan DeKok
Stefan Winter [EMAIL PROTECTED] wrote:
> is there any way of using reversibly encrypted passwords together
> with a mySQL backend?

  Not really, no.  But it shouldn't be too hard to add...

> with an algorithm that encrypts reversibly. I failed to see a list of
> supported algorithms in the docs, a pointer would be nice...

  There are no reversible encryption methods supported.

  You would have to:

1 - define an attribute in the dictionary, say Reversibly-Encrypted-Password
2 - write code (probably a module) to decrypt that attribute using a key,
and create Cleartext-Password from it
3 - write a program to turn clear-text passwords into encrypted ones.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
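
An added example (not part of the thread, and not FreeRADIUS code) of steps 2 and 3 in the list above: a program that encrypts clear-text passwords for the SQL table, and the matching decryption a module would run to produce Cleartext-Password. The {hs256ctr} prefix, the function names and the HMAC-SHA256 counter-mode construction are assumptions chosen so the code runs on the Python standard library alone; a deployment would use an AEAD such as AES-GCM from a maintained library.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{hs256ctr}"  # hypothetical prefix, in the {algo-prefix} style asked about


def _subkeys(key):
    # Derive independent encryption and MAC keys from the one configured key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key, nonce, data):
    # Keystream block i = HMAC-SHA256(enc_key, nonce || i); XOR it over data.
    stream = b""
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(enc_key, nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_password(key, cleartext):
    """Step 3: turn a clear-text password into the value stored in SQL."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)  # fresh per value, so equal passwords differ
    ct = _xor_keystream(enc_key, nonce, cleartext.encode("utf-8"))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return PREFIX + base64.b64encode(nonce + ct + tag).decode("ascii")


def decrypt_password(key, stored):
    """Step 2: recover the value a module would put in Cleartext-Password."""
    if not stored.startswith(PREFIX):
        raise ValueError("unknown scheme prefix")
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) < 48:  # 16-byte nonce + 32-byte tag at minimum
        raise ValueError("stored value too short")
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong key or modified row
        raise ValueError("authentication tag mismatch")
    return _xor_keystream(enc_key, nonce, ct).decode("utf-8")
```

The key has to be kept outside the database, for example in a file readable only by the RADIUS server; anyone who holds both the key and the table recovers every password, which is the trade-off against the hashed schemes discussed elsewhere in the thread.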


Re: Reversibly encrypted passwords in SQL

2006-10-09 Thread Alan DeKok
Jan Mulders [EMAIL PROTECTED] wrote:
> I'd also like to do this - although non-reversible encryption (like
> MD5) would suit us - e.g., password is encrypted in the table, and is
> encrypted and compared when a user's password is checked.

  This is already supported in 1.1.x, and is a little easier in the
CVS head.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog