Re: Portmaster RADIUS Users Digest V95 #11

Radius Administrator (radius@goofy.zdv.Uni-Mainz.de)
Fri, 06 Oct 1995 20:47:01 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: William Bulley: "Re: Merit Radius Questions"
Previous message: Jeffrey C. Ollie: "Merit Radius Questions"

>
>From: "Brian 'MegaZone' Bikowicz" <megazone>
>Date: Thu, 5 Oct 1995 12:55:09 -0700 (PDT)
>Subject: Re: vac-wg Skeletal framework for the protocol (fwd)
>
>Once upon a time Michael Dillon shaped the electrons to say...
>>Don't steal the RADIUS protocol as it currently is; there's a large
>>security hole in it, I'm told, which renders it useless for something
>>that is going to be used over a wide area network with no intrinsic security.
>
>I'm always suspicious of 3rd hand information - I don't know of any such
>'large security hole'.
>
>I'll write him and ask what he is talking about.
>

He is probably assuming that RADIUS is using MD4 instead of MD5.
MD4 has indeed a conceptual weakness. Just read about it in a
magazine.

But as you said: Don't trust third hand information ... :)

Cheers,
Dominik

Next message: William Bulley: "Re: Merit Radius Questions"
Previous message: Jeffrey C. Ollie: "Merit Radius Questions"