[cryptography] Cryptanalysis of RADIUS MD5 cipher?

Solar Designer solar at openwall.com
Wed Feb 4 09:05:39 EST 2015


On Wed, Feb 04, 2015 at 08:22:03AM -0500, Thor Lancelot Simon wrote:
> For at least 15 years there's been general grumbling that the MD5 based
> stream cipher used for confidentiality in RADIUS looks like snake oil.
> 
> Given how widely used the protocol is, and the failure of various successor
> protocols (cute names and all -- TANGENT anyone?) I have always been surprised
> that the cipher seems not to have received any serious cryptanalytic
> attention.  On the other hand I am not mathy enough to frequently read the
> primary literature.
> 
> Does anyone know of any work that's been done on this?

I think the closest to what you ask is this:

http://www.untruth.org/~josh/security/radius/radius-auth.html

but I guess you've seen it before?

Also related is my analysis of TACACS+ from a year before:

http://www.openwall.com/articles/TACACS%2B-Protocol-Security

Alexander


More information about the cryptography mailing list