[RADIATOR] suggested hash algorithm for passwords in text files

Heikki Vatiainen hvn at open.com.au
Mon Jan 13 10:51:48 CST 2014


On 01/13/2014 06:26 PM, Hartmaier Alexander wrote:

> Are they included in the reference manual and I missed them? The
> section that describes the different available password hashes would
> be a great place to add them right next to the particular algorithm.

$6$ and the general {crypt} formats are there. I made a note that
$5$ is missing from the reference manual. The current list is under
Check items, section 13.1.1 User-Password, Password.

Is this the place you are thinking of?

> Are the crypt SHA-512 hashes portable to other OS Radiator runs on?

Might be, for example, with FreeBSD, but the FreeBSD manual states the
salt has an 8 character length limitation. Based on this there appear to be
portability issues.

> I'd prefer a hash that's checked using a portable Perl module like 
> Digest::SHA so I'm not depending on the OS.

OpenLDAP seems to use {SHA256} and {SSHA256} for non-salted and salted
attribute values (and for 384 and 512), so this might be the appropriate
format for Radiator to use too.

I'll see about adding these. Meanwhile, and also if patching is not
desired, crypt formats should also work for Linux based servers with
recent enough libcs.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
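
An added example, not part of the original message and not Radiator code: a check for the OpenLDAP-style {SHA256}/{SSHA256} values mentioned above that uses only Digest::SHA and MIME::Base64, so it does not depend on the OS crypt(). It assumes the layout base64(digest(password . salt) . salt); the names make_hash, check_password and ct_eq are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256 sha384 sha512);
use MIME::Base64 qw(encode_base64 decode_base64);

# Scheme name => [digest function, digest length in bytes].
my %SCHEMES = (SHA256 => [\&sha256, 32], SHA384 => [\&sha384, 48], SHA512 => [\&sha512, 64]);

# Hypothetical helper: build a stored value; passing a salt selects {SSHAnnn}.
sub make_hash {
    my ($scheme, $password, $salt) = @_;
    my $spec = $SCHEMES{$scheme} or die "unknown scheme $scheme\n";
    my $fn = $spec->[0];
    return "{$scheme}" . encode_base64($fn->($password), '') unless defined $salt;
    return "{S$scheme}" . encode_base64($fn->($password . $salt) . $salt, '');
}

# Compare two byte strings without stopping at the first difference.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Hypothetical helper: returns 1 if $password matches $stored, else 0.
sub check_password {
    my ($stored, $password) = @_;
    my ($salted, $scheme, $b64) = $stored =~ /^\{(S?)(SHA(?:256|384|512))\}(.+)$/
        or return 0;                          # not a format handled here
    my ($fn, $len) = @{ $SCHEMES{$scheme} };
    my $raw = decode_base64($b64);
    return 0 if length($raw) < $len;          # truncated or corrupt value
    my $salt = substr($raw, $len);            # bytes after the digest are the salt
    return 0 if !$salted && length $salt;     # {SHAnnn} must carry no salt
    return ct_eq($fn->($password . $salt), substr($raw, 0, $len));
}

# Constructed sample values; a real deployment uses a random per-user salt.
my $salt = "\x01\x02\x03\x04\x05\x06\x07\x08";
for my $stored (make_hash('SHA256', 'secret'), make_hash('SHA512', 'secret', $salt)) {
    my ($tag) = $stored =~ /^(\{\w+\})/;
    printf "%-9s right=%d wrong=%d\n", $tag,
        check_password($stored, 'secret'), check_password($stored, 'Secret');
}
```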

