[RADIATOR] BCRYPT

Heikki Vatiainen hvn at open.com.au
Thu Aug 25 04:24:36 CDT 2011


On 08/24/2011 03:36 PM, Derek Buttineau wrote:

> I was actually thinking of AuthBy SQL.  We're currently using UNIX crypt, but realized it's time to improve security.  I'm being told that bcrypt is the way to go (OpenBSD style 2a/2y).  So I guess wait for 4.8 or the patches to be issued?

That would certainly work with AuthBy SQL too. I was just recently using
SYSTEM, which gets the hashes from e.g. /etc/shadow.

There's no problem putting the hashes in SQL too since it all (SQL,
SYSTEM, etc) goes to the same password check within Radiator.

I took a quick look at adding types 2a and 2y, and the Perl crypt
function did not seem to like them. It works well with type 6, though.
My understanding is Perl crypt uses the libc crypt directly, so it looks
like there's something more needed even if the system I tried it on hashes
its password in /etc/shadow with 2y.

So the additional hash types may require more work than I originally
thought. We'll need to check a bit more how to do this. I'll keep you
and the list posted.

Thanks!

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
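
Added example, not part of the original message and not Radiator code: a Perl probe that reports which crypt(3) schemes the local libc accepts through Perl's built-in crypt, which is the dependency the message describes for types 2a, 2y and 6. The salts, the probe password and the helper name crypt_supports are constructed for illustration.

```perl
#!/usr/bin/perl
# Probe which crypt(3) hash schemes Perl's built-in crypt() can produce here.
# Perl hands the salt to the platform's crypt(), so the answer depends on libc.
use strict;
use warnings;

# Constructed salts, one per scheme: [ label, salt passed to crypt, expected prefix ]
my @probes = (
    [ 'DES (traditional)', 'ab',                             'ab'   ],
    [ 'MD5      $1$',      '$1$saltsalt$',                   '$1$'  ],
    [ 'bcrypt   $2a$',     '$2a$04$abcdefghijklmnopqrstuu',  '$2a$' ],
    [ 'bcrypt   $2y$',     '$2y$04$abcdefghijklmnopqrstuu',  '$2y$' ],
    [ 'SHA-256  $5$',      '$5$saltsalt$',                   '$5$'  ],
    [ 'SHA-512  $6$',      '$6$saltsalt$',                   '$6$'  ],
);

# Returns 1 only if crypt() produced a hash in the requested scheme and
# re-hashing with that hash as the salt reproduces it (the usual verify step).
sub crypt_supports {
    my ($salt, $prefix) = @_;
    my $password = 'probe-password';    # constructed, not a real credential

    # crypt() can die where it is unimplemented; treat that as unsupported.
    my $hash = eval { crypt($password, $salt) };

    return 0 unless defined $hash;      # libc returned NULL for this salt
    return 0 if $hash =~ /^\*/;         # failure token such as "*0" or "*1"
    # A libc that does not know the scheme may fall back to DES; the result
    # then lacks the "$id$" prefix, so this check rejects it.
    return 0 unless index($hash, $prefix) == 0;

    my $again = eval { crypt($password, $hash) };
    return (defined $again && $again eq $hash) ? 1 : 0;
}

for my $probe (@probes) {
    my ($label, $salt, $prefix) = @$probe;
    printf "%-20s %s\n", $label,
        crypt_supports($salt, $prefix) ? 'supported' : 'NOT supported';
}
```

A scheme reported as not supported cannot be verified through the built-in crypt on that host, whichever backend the stored hash comes from.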