Reversibly encrypted passwords in SQL
Hello, is there any way of using reversibly encrypted passwords together with a mySQL backend? Currently, our passwords are stored as User-Password in clear text. I'd like to move on to using something like Crypt-Password := {algo-prefix}blablabla with an algorithm that encrypts reversibly. I failed to see a list of supported algorithms in the docs, a pointer would be nice... Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 pgpVlUSy6XcMA.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reversibly encrypted passwords in SQL
I'd also like to do this - although non-reversable encryption (like MD5) would suit us - eg, password is encrypted in the table, and is encrypted and compared when a user's password is checked. How is encryption meant to be done in the MySQL module at all? Jan On 09/10/06, Stefan Winter [EMAIL PROTECTED] wrote: Hello, is there any way of using reversibly encrypted passwords together with a mySQL backend? Currently, our passwords are stored as User-Password in clear text. I'd like to move on to using something like Crypt-Password := {algo-prefix}blablabla with an algorithm that encrypts reversibly. I failed to see a list of supported algorithms in the docs, a pointer would be nice... Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reversibly encrypted passwords in SQL
Jan Mulders wrote: I'd also like to do this - although non-reversable encryption (like MD5) would suit us - eg, password is encrypted in the table, and is encrypted and compared when a user's password is checked. How is encryption meant to be done in the MySQL module at all? You could use NT-hash from the NT/LM hash codes. NT-Password := [32 hex chars in lowercase] Then use something which likes NT hashing, such as MSchapv2 or a PAP instance configured to do NT-hashing... like so modules{ PAP nthashpap { encryption_scheme = nt } } and subsequently... authenticate{ Auth-Type PAP{ nthashpap } } Cheers Rob -- Rob Shepherd, PhD | Computer and Network Engineer | TechniumCAST rob gets mail at techniumcast.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reversibly encrypted passwords in SQL
Stefan Winter [EMAIL PROTECTED] wrote: is there any way of using reversibly encrypted passwords together with a mySQL backend? Not really, no. But it shouldn't be too hard to add... with an algorithm that encrypts reversibly. I failed to see a list of supported algorithms in the docs, a pointer would be nice... There are no reversible encryption methods supported. You would have to: 1 - define an attribute in the dictionary, say Reversibly-Encrypted-Password 2 - write code (probably a module) to decrypt that attribute using a key, and create Cleartext-Password from it 3 - write a program to turn clear-text passwords into encrypted ones. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Reversibly encrypted passwords in SQL
Jan Mulders [EMAIL PROTECTED] wrote: I'd also like to do this - although non-reversable encryption (like MD5) would suit us - eg, password is encrypted in the table, and is encrypted and compared when a user's password is checked. This is already supported in 1.1.x, and is a little easier in the CVS head. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html