[RADIATOR] Yubikey Security

Heikki Vatiainen hvn at open.com.au
Thu Jun 7 09:53:32 CDT 2012


On 06/06/2012 07:17 PM, David Heinz wrote:

> I was wondering if the following "issue" also occurs in the Radiator code. 
> 
> https://bitcointalk.org/index.php?topic=85648.msg943612
> 
> I've looked at the code, and I see if it doesn't decrypt properly then
> there is obviously a reject. This is then followed by a REJECT if the
> CRC is not ok. However, I see no method to verify the "secret id" as
> mentioned in the post. Is Radiator using the same method for Yubikey
> authentication as the Yubico systems then?
> 
> Thanks for any info you can give. I need to make sure I understand this
> so I can talk to our Information Security team.

Thanks for letting us know of this issue. I heard this will be looked at
soon, so expect an update in the near future.

Thanks again!
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
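
An added example, not Radiator's or Yubico's code, of the three checks the question above lists for a Yubikey OTP after decryption: block length, CRC, and the private ("secret") ID compared with the value enrolled for that token. It assumes the documented Yubikey OTP plaintext layout (6-byte private ID first, little-endian CRC-16 last) and that AES-128 decryption has already produced the 16-byte block; all function names and sample values are constructed for illustration.

```python
import hmac
import struct

CRC_OK_RESIDUAL = 0xF0B8  # CRC-16 result over a whole, intact 16-byte block


def crc16(data: bytes) -> int:
    """CRC-16 with reflected polynomial 0x8408 and initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            lsb = crc & 1
            crc >>= 1
            if lsb:
                crc ^= 0x8408
    return crc


def check_decrypted_otp(block: bytes, expected_private_id: bytes) -> str:
    """Return 'ACCEPT' or 'REJECT: <reason>' for one decrypted OTP block."""
    if len(block) != 16:
        return "REJECT: bad length"
    # The CRC only shows the block decrypted to something well-formed.
    if crc16(block) != CRC_OK_RESIDUAL:
        return "REJECT: bad CRC"
    # The private ID ties the block to the token enrolled for this user.
    # Compare in constant time against the stored value.
    if not hmac.compare_digest(block[:6], expected_private_id):
        return "REJECT: private ID mismatch"
    return "ACCEPT"


def build_block(private_id: bytes, use_ctr: int, session_ctr: int) -> bytes:
    """Build a constructed test block (timestamp and random fields zeroed)."""
    # Layout: private ID (6), use counter (2), timestamp (2+1),
    # session counter (1), random (2), then CRC (2).
    body = private_id + struct.pack("<HHBBH", use_ctr, 0, 0, session_ctr, 0)
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)
```

Replay protection (comparing the use and session counters with the last values seen for the token) is a separate check and is left out here.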

