RADIUS Doesn't Encrypt Username ?
theodoxa
Member Posts: 1,340 ■■■■□□□□□□
I had always assumed [incorrectly apparently] that "encrypts the password" meant the username and password. But, running Wireshark I came upon this (I trimmed the actual wireshark output to remove redundant information and clean it up):
Ethernet II Destination 00 26 22 6e 60 d9 Source 00 16 46 a2 f7 13 Type 0x0800 (IP) Internet Protocol Version 4 Header Length 20 bytes Differentiated Services Field 0x00 Total Length 119 Identification 0x0302 Flags 0x00 Fragment Offset 0 TTL 255 Protocol 17 (UDP) Header Checksum 0x5F50 Source 172.16.0.1 Destination 172.16.1.2 User Datagram Protocol Source Port 1645 Destination Port 1645 Length 99 Checksum 0x7bbd RADIUS Code 1 (Access-Request) Packet Identifier 0x1B Length 91 Authenticator 12a32ec1a621b268a969c9362cdcdfd6 Attribute-Value Pairs [COLOR=#ff0000] 1 (User-Name) Administrator[/COLOR] [COLOR=#ff0000] 2 (User-Password) Encrypted[/COLOR] 5 (NAS-Port) 194 87 (NAS-Port-Id) tty194 61 (NAS-Port-Type) 5 (Virtual) 31 (Calling-Station-Id) 172.16.0.1 4 (NAS-IP-Address) 172.16.0.1
R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]
Comments
-
docrice Member Posts: 1,706 ■■■■■■■■■■This is correct. Username goes in clear.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/