Security Basics mailing list archives

Basic questions about RADIUS authentication


From: "VI" <vi () vizo com>
Date: Sun, 21 Nov 2004 01:45:15 +0200

Hi all,

From what I have read (and understood) about RADIUS authentication, in the
first phase, the NAS communicates with the RADIUS server using
pre-shared keys.

Q.1- Is it not possible to sniff this communication and launch a dictionary
attack?

After the user is authenticated, RADIUS server creates and sends the user
and the NAS session keys.

Q.2- Is it not possible in this instance to launch a man-in-the-middle
attack?

And lastly,

Q.3- How is the data (userids and passwords) secured in the RADIUS server?
Is it not possible to launch an attack at the RADIUS server database?

I know these questions are very basic, but I hope they are not stupid. :-)

Thanks for answers,

