> That may be but CHAP doesn't secure you any better. Storing the
> passwords in clear text on the server is more likely to get
> compromised versus someone sniffing the wiring for clear text.
>
> This is a no-win situation.

I agree with this. I think people who designed CHAP thought otherwise. CHAP saves you from your passwords being sniffed, but it still allows access to your services through hijacking. It's not secure, as is shown by this paper: http://packetstormsecurity.nl/groups/teso/chap.pdf I am not sure if the same attack can be used between a NAS and a RADIUS server, but it can certainly be used between an authenticator and user of authenticated service if used over IP.

===
Archive at http://www.open.com.au/archives/radiator/
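The storage trade-off discussed in this thread, as an added example that is not part of the original messages: the CHAP response defined in RFC 1994 can only be checked by a server that holds the shared secret in recoverable form, while a salted-hash store can only check a password that arrives in the clear (as with PAP). The function names, the sample password and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def hash_for_storage(password: bytes, salt: bytes) -> bytes:
    """One-way salted hash, the form a server would prefer to keep on disk."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def chap_verify(stored_value: bytes, identifier: int,
                challenge: bytes, response: bytes) -> bool:
    """Server-side CHAP check: recompute the response from what is stored."""
    expected = chap_response(identifier, stored_value, challenge)
    return hmac.compare_digest(expected, response)


def cleartext_verify(stored_hash: bytes, salt: bytes, password: bytes) -> bool:
    """Check of a password received in the clear against the salted hash."""
    return hmac.compare_digest(hash_for_storage(password, salt), stored_hash)


def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample value
    salt = os.urandom(16)
    stored_hash = hash_for_storage(password, salt)

    # The authenticator sends a fresh challenge; the peer answers with the
    # MD5 digest, so the password itself never crosses the wire.
    identifier, challenge = 1, os.urandom(16)
    response = chap_response(identifier, password, challenge)

    return {
        # Works only because the server kept the recoverable secret.
        "chap_with_cleartext_store": chap_verify(password, identifier, challenge, response),
        # A one-way hash cannot stand in for the secret in the MD5 input.
        "chap_with_hashed_store": chap_verify(stored_hash, identifier, challenge, response),
        # The hashed store works, but the password was exposed in transit.
        "cleartext_with_hashed_store": cleartext_verify(stored_hash, salt, password),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```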
