doujing9972
2017-06-28 14:24

PHP Radius password sniffing

I recently wrote this piece of code:

$radius = radius_auth_open();
radius_add_server($radius, $serverIP, $port_no, 'secret', 5, 3);
radius_create_request($radius, RADIUS_ACCESS_REQUEST);
radius_put_attr($radius, RADIUS_USER_NAME, $username);
radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);

$result = radius_send_request($radius);

switch ($result)
{
    case RADIUS_ACCESS_ACCEPT:
        // etc...
        break;
}

And my var $password is not encrypted at all; in fact, if I encrypt it with password_hash(), radius won't recognize it.

Thus my question is:

Can a sniffer pick up that password? Or does radius_send_request already scramble it because of the parameter RADIUS_USER_PASSWORD?


EDIT:

I confused the terms hash and encrypt.

Radius does obfuscate the password when given the parameter attribute RADIUS_USER_PASSWORD. That is enough security for my system.

Thanks!


1 answer

  • doukui7574 2017-06-28 18:12
    Accepted answer

    Radius does obfuscate the password when given the parameter attribute RADIUS_USER_PASSWORD.

    So nobody should be able to sniff your radius authentication.
