
RADIUS

by Jonathan Hassell
October 2002
Content level: Intermediate to advanced
206 pages
8h 30m
English
O'Reilly Media, Inc.
Content preview from RADIUS

Shared Secrets

To strengthen security and increase transactional integrity, the RADIUS protocol uses the concept of shared secrets. Shared secrets are values generated at random that are known to both the client and the server (hence the “shared”). The shared secret is used within all operations that require hiding data and concealing values. The only technical limitation is that shared secrets must be greater than 0 in length, but the RFC recommends that the secret be at least 16 octets. A secret of that length is virtually impossible to crack with brute force. The same set of best practices that dictate password usage also govern the proper use of RADIUS shared secrets.

Shared secrets (commonly called just “secrets”) are unique to a particular RADIUS client and server pair. For instance, if an end user subscribes to multiple Internet service providers for his dial-up access, he indirectly makes requests to multiple RADIUS servers. The shared secrets between the client NAS equipment in ISPs A, B, and C that are used to communicate with the respective RADIUS servers should not match.
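One operation in which the shared secret hides data is the User-Password hiding scheme of RFC 2865 (section 5.2). The sketch below is an added example, not code from the book: the function names and the NAS labels are hypothetical, and the sample password is constructed. It also enforces the 16-octet recommendation and keeps one secret per client/server pair.

```python
import hashlib
import secrets

MIN_SECRET_LEN = 16  # octets; the minimum length the RFC recommends


def new_shared_secret(length: int = 32) -> bytes:
    """Random secret for exactly one client/server pair."""
    if length < MIN_SECRET_LEN:
        raise ValueError("shared secret should be at least 16 octets")
    return secrets.token_bytes(length)


def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, hiding: bool) -> bytes:
    # b1 = MD5(secret + Request Authenticator); b(i) = MD5(secret + c(i-1))
    if not secret or len(authenticator) != 16:
        raise ValueError("need a non-empty secret and a 16-octet authenticator")
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(x ^ y for x, y in zip(block, pad))
        prev = result if hiding else block  # always chain on the ciphertext block
        out += result
    return out


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1 to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to a 16-octet multiple
    return _xor_chain(padded, secret, authenticator, hiding=True)


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    # Trailing NUL padding is stripped, as a server does after unhiding.
    return _xor_chain(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


if __name__ == "__main__":
    # Constructed sample: one secret per NAS/server pair, never reused across ISPs.
    pair_secrets = {"isp-a-nas": new_shared_secret(), "isp-b-nas": new_shared_secret()}
    request_authenticator = secrets.token_bytes(16)
    hidden = hide_password(b"correct horse battery", pair_secrets["isp-a-nas"], request_authenticator)
    print(recover_password(hidden, pair_secrets["isp-a-nas"], request_authenticator))
    print(recover_password(hidden, pair_secrets["isp-b-nas"], request_authenticator))
```

The second recovery uses the other pair's secret and yields unrelated bytes, which is why the secrets for different client/server pairs should not match.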

While operators of some larger-scale RADIUS implementations may believe that protecting transactional security with an automated shared-secret changer is a prudent move, there is a rather large pitfall: there is no guarantee that the clients and servers can synchronize to the new shared secret at the most appropriate time. And even if it were certain that the simultaneous synchronization could occur, if there ...


ISBN: 0596003226