
In configuring Radius authentication on multiple devices from a vendor, I discovered that PAP is the only supported protocol.

I was initially surprised but discovered that even an F5 BIG-IP only offers PAP too. Even further, several other vendors also only offer PAP.

As I understand it, PAP is considered insecure because the credentials are transmitted from the Radius Client in plaintext.

So my question is, if it is so insecure, how come it is still so commonly the only authentication protocol?

gb5757870

2 Answers


While only the maker of a device can give you the canonical answer about that device, there are a few factors that generally explain why only PAP is supported on many platforms:

  1. PAP is old (RFC 1334 was published in 1992) so it used to be pretty much the only standardized choice. Even after newer (and arguably better) standards were released (such as CHAP in 1996 and EAP in 1998 with updates in 2004), companies could still use the already-written PAP code in existing products and just move it to their new products.
  2. PAP is easy to implement - no need to understand complex encryption mechanisms.
  3. There is an easy way to add another layer of security, so there is no incentive to fix it. (See final paragraph below)

In truth though, PAP as used by RADIUS does not actually send the password in plaintext. Instead, it XORs the password with an MD5 hash based on a shared secret. While this is also considered to be insecure, it is still at least a little better than actual plaintext.

The best practical answer for safe use of PAP is to tunnel the RADIUS traffic through a VPN (IPSec tunnel or similar). This is becoming standard practice when dealing with RADIUS connections anyway, as there could also be other sensitive user data besides the password that has to be secured.

Moshe Katz

  • Also, you're probably not sending RADIUS traffic over the internet, but over a securable network, where you can limit *some* of the risk. Doesn't justify it, but changes the situation a bit. – Steve Nov 29 '16 at 21:17
  • @Steve That's not always true. [EduRoam](https://www.eduroam.us/) is a great example of a need to send RADIUS traffic over the Internet, though they use tunnels for security (and they also use EAP, so this particular question isn't an issue). – Moshe Katz Nov 29 '16 at 21:31
  • @Steve Correct that, in this case, we are not sending Radius over the Internet, only WAN. However, it doesn't really change my position, as it still introduces a risk that can be easily mitigated by simply not using it. – gb5757870 Nov 29 '16 at 22:13

"As I understand it, PAP is considered insecure because the credentials are transmitted from the Radius Client in plaintext."

This is not true. See RFC 2865 Section 5.2: PAP passwords are encrypted when they're sent in RADIUS.

But is that encryption method secure? Yes. Or more truthfully, "no one has broken it". So while better security protocols exist (TLS, etc.), the methods used in RADIUS are not known to be insecure.

There's a longer technical explanation here.

In short, PAP is fine. If you're putting RADIUS packets over the wider Internet, use a VPN or RadSec. Yes, use RadSec even if you're not using PAP!
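Both answers refer to the same mechanism: the User-Password hiding defined in RFC 2865 Section 5.2, which Moshe Katz summarises as XORing the password with MD5 output derived from the shared secret. The following Python is an added example written for this page, not code from either answerer, from the RFC, or from any RADIUS implementation. It implements the RFC's hide/unhide procedure and then checks the properties the two answers rely on: the wire bytes are not the plaintext password, recovering the password needs the shared secret and the Request Authenticator, and a fresh Request Authenticator changes the ciphertext. The shared secret, password and authenticator values below are constructed for the demonstration.

```python
import hashlib
import secrets

BLOCK = 16  # RFC 2865 5.2 works in 16-octet chunks, the size of an MD5 digest


def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def make_request_authenticator() -> bytes:
    """A real client sends a fresh, unpredictable 16-octet Request Authenticator."""
    return secrets.token_bytes(BLOCK)


def hide_user_password(password: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """Encode a PAP password as the RADIUS User-Password attribute value (RFC 2865 5.2).

    The password is NUL-padded to a multiple of 16 octets. The first chunk is XORed
    with MD5(secret + Request Authenticator); every later chunk is XORed with
    MD5(secret + previous ciphertext chunk), so the chunks are chained.
    """
    if not password or len(password) > 128:
        raise ValueError("password must be 1..128 octets")
    if len(request_authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), BLOCK):
        mask = hashlib.md5(shared_secret + prev).digest()
        chunk = _xor(padded[i:i + BLOCK], mask)
        out += chunk
        prev = chunk  # chaining: next mask depends on this ciphertext chunk
    return bytes(out)


def unhide_user_password(hidden: bytes, shared_secret: bytes, request_authenticator: bytes) -> bytes:
    """Reverse hide_user_password(); this is what the RADIUS server does on receipt."""
    if not hidden or len(hidden) % BLOCK != 0:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    out = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), BLOCK):
        chunk = hidden[i:i + BLOCK]
        mask = hashlib.md5(shared_secret + prev).digest()
        out += _xor(chunk, mask)
        prev = chunk
    # Strip the NUL padding added by the sender (RFC 2865 passwords do not contain NUL).
    return bytes(out).rstrip(b"\x00")


def demo_properties() -> dict:
    """Check, on constructed values, the properties the answers above describe."""
    secret = b"example-shared-secret"  # constructed value, not a real deployment secret
    password = b"hunter2"               # constructed sample password
    ra1 = bytes(range(16))              # fixed authenticator so the demo is reproducible
    ra2 = bytes(range(16, 32))          # a second, different authenticator
    hidden1 = hide_user_password(password, secret, ra1)
    hidden2 = hide_user_password(password, secret, ra2)
    return {
        # An observer on the wire does not see the password octets themselves.
        "not_plaintext_on_wire": password not in hidden1,
        # The server, holding the shared secret, recovers the password exactly.
        "roundtrip_with_secret": unhide_user_password(hidden1, secret, ra1) == password,
        # Without the right shared secret the result is garbage, not the password.
        "wrong_secret_fails": unhide_user_password(hidden1, b"other-secret", ra1) != password,
        # The same password under a fresh Request Authenticator looks different.
        "fresh_authenticator_changes_ciphertext": hidden1 != hidden2,
    }


if __name__ == "__main__":
    for name, ok in demo_properties().items():
        print(f"{name}: {'ok' if ok else 'FAILED'}")
```

Note what the check does and does not show: the only key material is the shared secret, the masks are plain MD5 digests, and nothing in this attribute authenticates the RADIUS server to the client. That is the practical reason both answers end in the same place: keep the shared secret strong and unique per client, make sure Request Authenticators are random, and carry the RADIUS traffic inside a VPN or RadSec (RADIUS over TLS) rather than relying on this hiding alone.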