
Re: l2tp as ipsra solution



On Wed, 14 Jun 2000, Daniel Fox wrote:
> It's worse than that.  There are some authentication mechanisms (PAP 
> with /etc/passwd) that do not store the cleartext password (the pre-shared
> secret) on the server, but a one-way hash encryption.  Therefore, 
> there are some legacy secrets that cannot be downloaded...

That problem can be circumvented by thinking of the situation differently: 
the shared secret is the output of the one-way encryption, not the
original password.  (This does assume that the one-way-encryption output
really has been kept secret -- as opposed to trusting entirely in the
one-way encryption to preserve secrecy -- but that's normal these days...)

                                                          Henry Spencer
                                                       henry@xxxxxxxxxxxxx
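
The reinterpretation described in the reply above, as an added Python example that is not part of the original message: the server keeps only the one-way output and both ends use that output as the pre-shared key. PBKDF2 and the HMAC challenge-response are assumptions standing in for the legacy password hash and for the tunnel's pre-shared-key authentication; all names and sample values are constructed.

```python
import hashlib
import hmac
import os

# Assumption: PBKDF2-HMAC-SHA256 stands in for the legacy one-way function
# (e.g. the hash behind /etc/passwd); the salt is public, as with crypt(3).
def one_way(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Assumption: a plain HMAC challenge-response stands in for whatever
# pre-shared-key authentication the tunnel protocol performs.
def prove(shared_secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()

class Server:
    """Holds only (salt, one-way output); never sees the cleartext password."""
    def __init__(self, salt: bytes, stored_hash: bytes):
        self.salt, self.stored_hash = salt, stored_hash

    def new_challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        expected = prove(self.stored_hash, challenge)
        return hmac.compare_digest(expected, response)

def client_response(password: str, salt: bytes, challenge: bytes) -> bytes:
    # The client recomputes the one-way output and uses it as the key.
    return prove(one_way(password, salt), challenge)

def demo() -> dict:
    salt = b"constructed-salt"                 # constructed sample value
    stored = one_way("correct horse", salt)    # what the password file holds
    server = Server(salt, stored)
    c = server.new_challenge()
    return {
        "right_password": server.verify(c, client_response("correct horse", salt, c)),
        "wrong_password": server.verify(c, client_response("wrong guess", salt, c)),
        # The caveat from the message: the stored output alone authenticates,
        # so the password file must be protected like a key database.
        "stored_hash_only": server.verify(c, prove(stored, c)),
    }

if __name__ == "__main__":
    print(demo())
```

The `stored_hash_only` result is the parenthetical caveat in practice: once the one-way output is the shared secret, its secrecy no longer rests on the hash being hard to invert.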