doujing9972 2017-06-28 14:24
浏览 124
已采纳

PHP Radius密码嗅探

I recently wrote this piece of code:

$radius = radius_auth_open();
radius_add_server($radius, $serverIP, $port_no, 'secret', 5, 3);
radius_create_request($radius, RADIUS_ACCESS_REQUEST);
radius_put_attr($radius, RADIUS_USER_NAME, $username);
radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);

$result = radius_send_request($radius);

switch ($result)
{
    case RADIUS_ACCESS_ACCEPT:
    // etc...

And my var $password is not encrypted at all, in fact, if I encrypt it with password_hash() radius won't recognize it.

Thus my question is:

Can a sniffer pick up that password? Or does radius_send_request already scramble it because of the parameter RADIUS_USER_PASSWORD?


EDIT:

I confused the terms hash and encrypt.

Radius does obfuscate the password when given the parameter attribute RADIUS_USER_PASSWORD. That is enough security for my system.

Thanks!

  • 写回答

1条回答 默认 最新

  • doukui7574 2017-06-28 18:12
    关注

    Radius does obfuscate the password when given the parameter attribute RADIUS_USER_PASSWORD.

    So nobody should be able to sniff your radius authentication

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 关于使用MATLAB中copularnd函数的问题
  • ¥20 在虚拟机的pycharm上
  • ¥15 jupyterthemes 设置完毕后没有效果
  • ¥15 matlab图像高斯低通滤波
  • ¥15 针对曲面部件的制孔路径规划,大家有什么思路吗
  • ¥15 钢筋实图交点识别,机器视觉代码
  • ¥15 如何在Linux系统中,但是在window系统上idea里面可以正常运行?(相关搜索:jar包)
  • ¥50 400g qsfp 光模块iphy方案
  • ¥15 两块ADC0804用proteus仿真时,出现异常
  • ¥15 关于风控系统,如何去选择