[cryptography] Cryptanalysis of RADIUS MD5 cipher?

Tim tim-security at sentinelchicken.org
Wed Feb 4 11:15:14 EST 2015


> > Does anyone know of any work that's been done on this?
> 
> I think the closest to what you ask is this:
> 
> http://www.untruth.org/~josh/security/radius/radius-auth.html


I'm not familiar with this protocol at all, but in briefly skimming
this paper and the description of the cipher, it seems like the
there's opportunity for padding oracle attacks, provided the server
somehow indicates (through timing or otherwise) whether the 0 padding
is valid.

tim


More information about the cryptography mailing list