[RADIATOR] suggested hash algorithm for passwords in text files
Heikki Vatiainen
hvn at open.com.au
Wed Jan 29 07:38:15 CST 2014
On 01/13/2014 06:58 PM, Hartmaier Alexander wrote:
> Patching is welcome! If you'd add those formats we would immediately
> switch to using them.
Hello Alexander,
support for {SHA256}, {SSHA256} and the 384 and 512 digest lengths is
now in patches. These new formats are similar to the existing {SHA} and
{SSHA} formats.
Support for PBKDF2 derived passwords should also be available soon.
Because of EAP-PSK, Radiator already has a portable PBKDF2
implementation so using it for password stretching is fairly straight
forward.
The suitable format is still a bit of question. Crypt-PBKDF2, for
example, seems to support LDAP and crypt style formats:
{X-PBKDF2}HMACSHA1:AAAD6A:8ODUPA==:1HSdSVVwlWSZhbPGO7GIZ4iUbrk=
$PBKDF2$HMACSHA1:1000:4q9OTg==$9Pb6bCRgnct/dga+4v4Lyv8x31s=
We would be interested to hear if there are other formats that should be
supported.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list