dmitry.korzhevin at stidia.com
Tue Nov 6 13:54:22 CET 2012
Thank you, Martin
I'm just searching for most secure way to store ipsec users credentials.
So, in worst case, if server is hacked, hacker cant see passwords in
06.11.2012 11:12, Martin Willi пишет:
> Hi Dimitry,
>> Please tell - if i will use strongswan + eap-radius + freeradius - all
>> user passwords will be stored encrypted in mysql database?
> This does not depend on strongSwan, but on your clients and your RADIUS
> installation. If you connect Windows 7 clients with EAP-MSCHAPv2, your
> RADIUS backend has to provide at least the NT hashes of your passwords.
> That's not really safe, and a non-reversible encryption is not possible
> with that protocol.
> If you use other clients, or even our xauth-eap bridge, it depends on
> the used EAP method. Our EAP-GTC for example exchanges passwords (in the
> safely encrypted tunnel) in the clear, hence you can apply any hashing
> function to verify them against your hashed database entries.
STIDIA S.A. - Luxembourg
e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4488 bytes
Desc: ���������������������������������� �������������� S/MIME
More information about the Users