(RADIATOR) CHAP issues

Danil Melomedman dmelomedman at devonit.com
Thu Sep 19 16:19:57 CDT 2002


I was thinking about Radiator's CHAP support a little. 
Clear text passwords are a bad idea, we all know it.
How about a two-way encryption added to Radiator for these passwords?
For CHAP, decrypt the password before it's needed. This would be a compromise, I think.
When stored in an LDAP directory entry, it could have {CHAP} prefixed to distinguish it from other
userPassword values. The key for a two-way encryption would be stored in a file. If it needs to be fancy,
store a random key per user in a database, or LDAP directory to make passwords even harder to steal.

This is needed because some people are forced to use CHAP (since large aggregators won't switch their NASes
on customers' requests to PAP first, CHAP second).
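Why CHAP needs a recoverable password on the server, as an added example that is not part of the original post and not Radiator's code: the CHAP response (RFC 1994) is MD5 over identifier, secret and challenge, so a one-way `{SHA}` userPassword value cannot be used to check it. Function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

class NeedsPlaintext(Exception):
    """Stored value is a one-way hash, so a CHAP response cannot be checked."""

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def ldap_sha(password: str) -> str:
    # LDAP-style one-way value: "{SHA}" + base64(SHA-1(password))
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def verify_chap(chap_password: bytes, challenge: bytes, stored: str) -> bool:
    """chap_password: RADIUS CHAP-Password value, 1-byte ident + 16-byte response."""
    if len(chap_password) != 17:
        return False
    # Assumption: a "{SCHEME}" prefix marks a one-way hash; the post's proposed
    # {CHAP} value would be decrypted to cleartext before this call.
    if re.match(r"\{[A-Za-z0-9-]+\}", stored):
        raise NeedsPlaintext(stored.split("}", 1)[0] + "}")
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored.encode(), challenge)
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    password, challenge, ident = "s3cret-example", bytes(range(16)), 7
    packet = bytes([ident]) + chap_response(ident, password.encode(), challenge)
    print("cleartext store:", verify_chap(packet, challenge, password))
    try:
        verify_chap(packet, challenge, ldap_sha(password))
    except NeedsPlaintext as exc:
        print("hashed store cannot verify CHAP:", exc)
```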