Readit News
TristanBall · 2 years ago
How common are RADIUS deployments that aren't EAP/PEAP based though?

IDK about anyone else, but for a very long time anything md5 has been in the same mental bucket as zip or Office document passwords: a discouragement for the casual user and accidental exposure, but not actually secure against any kind of determined attack. (The accuracy of my mental buckets is perhaps a separate issue.)

Although I suppose lots of deployments still go with whatever is lowest friction, so maybe lots?

bcrl · 2 years ago
Realistically, it doesn't matter. My ISP uses RADIUS for authenticating customers in the access network. If someone manages to intercept messages in the middle of my network, I've got bigger problems. Even if someone does inject in the middle, the worst case is that they can forge packets of residential end users. Those customers are already untrusted, so it really does not matter.

bjterry · 2 years ago
> Those customers are already untrusted, so it really does not matter.

Perhaps it doesn't matter to the health of your network, but if it leads to a customer's account being disabled due to incorrectly assigned abuse, surely it would matter to them.

gnabgib · 2 years ago
Discussions

(57 points, 3 days ago, 7 comments) https://news.ycombinator.com/item?id=40923905

(20 points, 3 days ago) https://news.ycombinator.com/item?id=40919644

bawolff · 2 years ago
Wow, so it doesn't just come down to using md5, but not using md5-hmac (which is still secure to this day). I only skimmed the paper so maybe I misunderstand, but that would have been considered bad practise even back in the 90s when md5 was considered secure, right?