Security Basics mailing list archives
Basic questions about RADIUS authentication
From: "VI" <vi () vizo com>
Date: Sun, 21 Nov 2004 01:45:15 +0200
Hi all,
From what I have read (and understood) about RADIUS authentication, in the
first phase, the NAS communicates with the RADIUS server thru using pre-shared keys. Q.1- Is it not possible to sniff this communication and launch a dictionary attack? After the user is authenticated, RADIUS server creates and sends the user and the NAS session keys. Q.2- Is it not possible in this instance to launch a man-in-the-middle attack? And lastly, Q.3- How is the data (userids and passwords) secured in the RADIUS server? Is it not possible to launch an attack at the RADIUD server database? I know these questions are very basic, but I hope they are not stupid.:-) Thanks for answers,
Current thread:
- Basic questions about RADIUS authentication VI (Nov 22)
- Re: Basic questions about RADIUS authentication Bulgaria Online - Assen Totin (Nov 23)
- <Possible follow-ups>
- RE: Basic questions about RADIUS authentication Ed Whitesell (Nov 24)
- RE: Basic questions about RADIUS authentication Roger A. Grimes (Nov 25)