RE: BillMax questions -- Plaintext Password
On Mon, 12 Aug 2002, Brad wrote:
>
> If on the off-chance that someone climbs a telephone pole,
> cracks out a modem line with their high-tech equipment, and
> sniffs the password- you don't have a big problem because you
> have only lost one username/password for all of that
> trouble. On the other hand- if someone went through the
> same amount of trouble to break into your RADIUS server
> and look at the plaintext passwords for CHAP- THEN you have
> a really big problem because you've lost *all* of your
> usernames and passwords.
>
> Neither are perfect solutions, but PAP is statistically more
> secure.
>
Note also that, for PAP, the username/password is passed in the clear
over the network connection from the NAS (and/or Radius Proxy) to the
Radius server and therefore available for sniffing along the way; as
mentioned earlier, Radius packets are not encrypted.
I think that traffic sniffers may be a more significant issue (in some
circumstances) than either of the two methods you describe above.
Tony.
--
Anthony Fleisher <fleisher@mind.net>
Network Administrator
Internet Ventures Oregon
InfoStructure
Ashland, Oregon
Voice: (541)482-8324 Fax: (541)488-7599
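
The storage trade-off raised in the quoted message, as an added Python example that is not part of the original thread: CHAP (RFC 1994) verification recomputes MD5 over identifier, secret and challenge, so the server must hold the secret itself, while a PAP back end receives the password and can keep only a salted hash. The class names, the PBKDF2 parameters and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 response value: MD5(identifier octet || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def kdf(password: bytes, salt: bytes) -> bytes:
    # Assumed storage hash for the PAP case; any salted one-way hash works here
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

class ChapServer:
    """Hypothetical CHAP back end: needs the recoverable secret to verify."""
    def __init__(self):
        self.secrets = {}  # user -> plaintext secret (what a database thief gets)
    def enroll(self, user, password):
        self.secrets[user] = password
    def verify(self, user, ident, challenge, response):
        secret = self.secrets.get(user)
        if secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, challenge), response)

class PapServer:
    """Hypothetical PAP back end: sees the password, stores only salt + hash."""
    def __init__(self):
        self.records = {}  # user -> (salt, derived hash)
    def enroll(self, user, password):
        salt = os.urandom(16)
        self.records[user] = (salt, kdf(password, salt))
    def verify(self, user, password):
        rec = self.records.get(user)
        if rec is None:
            return False
        salt, stored = rec
        return hmac.compare_digest(kdf(password, salt), stored)

def demo():
    password = b"constructed-sample-password"  # constructed sample value
    chap, pap = ChapServer(), PapServer()
    chap.enroll("alice", password)
    pap.enroll("alice", password)
    challenge = os.urandom(16)
    resp = chap_response(7, password, challenge)
    return {
        "chap_ok": chap.verify("alice", 7, challenge, resp),
        "pap_ok": pap.verify("alice", password),
        "chap_db_has_plaintext": password in chap.secrets.values(),
        "pap_db_has_plaintext": any(password in rec for rec in pap.records.values()),
    }
```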