cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2350
Views
0
Helpful
1
Replies

Radius Type 7 encryption shared key

Carlos Jimenez
Level 1
Level 1

Hi team,

I am looking to encrypt the radius shared key as the type 7 Cisco encryption is easily breakable. I have found that Cisco devices only allow Type 0 or type 7 encryption for Radius Shared key. You can specify that the key-value is in clear text (0) format or is encrypted (7).  The default format is clear text. The maximum length is 63 characters. The share key password is highly recommended to be alphanumerical, have at least one upper case letter and include symbols/characters. The longer and more complex the password, the more secure it will be.

Is there any possible way to increase the complexity or the algorithm to secure the key to ensure it is not easily breakable? 

Thank you in advance for your help.

Carlos

1 Reply 1

Gagandeep Singh
Cisco Employee
Cisco Employee

ACS works with special character in shared secret key.

Key—The shared secret of the AAA server. Maximum length for AAA server keys is 32 characters.

Shared secret is something used between NAD and AAA server communication. It has to be same on both ends in order to encrypt the communication using the secret key.

If we run a pcap b/w both ends, no one can break the TACACS packet, until knows the key to open the tacacs packet.

Regards

Gagan

PS : rate if it helps!!!!