[cryptography] Cryptanalysis of RADIUS MD5 cipher?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Feb 4 21:50:25 EST 2015

Thor Lancelot Simon <tls at panix.com> writes:

>For at least 15 years there's been general grumbling that the MD5-based
>stream cipher used for confidentiality in RADIUS looks like snake oil.

It's not snake oil; the MD5-based masking was created because it was
exportable.  Proper crypto like DES wouldn't have been.

Could you do better with modern crypto?  Sure.  But is it really the weakest
part of RADIUS?  In other words if you switched to AES-GCM or whatever, would
anyone notice?


