Radius Type 7 encryption shared key

Carlos Jimenez
Level 1

Hi team,

I am looking to encrypt the RADIUS shared key, as the Type 7 Cisco encryption is easily breakable. I have found that Cisco devices only allow Type 0 or Type 7 encryption for the RADIUS shared key. You can specify that the key-value is in clear text (0) format or is encrypted (7). The default format is clear text. The maximum length is 63 characters. The shared key password is highly recommended to be alphanumerical, have at least one upper case letter and include symbols/characters. The longer and more complex the password, the more secure it will be.

Is there any possible way to increase the complexity or the algorithm to secure the key to ensure it is not easily breakable? 

Thank you in advance for your help.

Carlos

1 Reply

Gagandeep Singh
Cisco Employee

ACS works with special characters in the shared secret key.

Key—The shared secret of the AAA server. Maximum length for AAA server keys is 32 characters.

The shared secret is something used in communication between the NAD and the AAA server. It has to be the same on both ends in order to encrypt the communication using the secret key.

If we run a pcap between both ends, no one can break the TACACS packet until they know the key to open the TACACS packet.

Regards

Gagan

PS : rate if it helps!!!!
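
An added example, not part of either post: a defender-side audit that reads an IOS-style configuration and reports how each RADIUS shared key is stored (type 0 or type 7), checking clear-text keys against the length and complexity guidance quoted in the question. The sample configuration, key values and function names are constructed for illustration, and the three key-line forms it recognises (`radius-server key`, `radius-server host ... key`, and `key` under `radius server NAME`) are assumed to cover the device's syntax.

```python
import re
import string

MAX_KEY_LEN = 63  # maximum key length quoted in the question
# "key [0|7] <string>"; no type digit means clear text, the default format.
KEY_RE = re.compile(r"\bkey\s+(?:([07])\s+)?(\S.*)$")

def weaknesses(secret):
    """Check a clear-text key against the guidance quoted in the question."""
    issues = []
    if len(secret) > MAX_KEY_LEN:
        issues.append("longer than 63 characters")
    if not (any(c.isalpha() for c in secret) and any(c.isdigit() for c in secret)):
        issues.append("not alphanumeric")
    if not any(c.isupper() for c in secret):
        issues.append("no upper-case letter")
    if not any(c in string.punctuation for c in secret):
        issues.append("no symbol")
    return issues

def audit_radius_keys(config_text):
    """Return one finding per RADIUS key line; key values are never echoed."""
    findings, in_block = [], False
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.startswith(" "):  # a top-level line opens or closes a server block
            in_block = line.startswith("radius server ")
        relevant = line.startswith("radius-server ") or (in_block and line.lstrip().startswith("key "))
        m = KEY_RE.search(line) if relevant else None
        if not m:
            continue
        if m.group(1) == "7":
            issues = ["type 7 is reversible obfuscation, not encryption"]
        else:
            issues = ["stored in clear text"] + weaknesses(m.group(2))
        findings.append({"line": lineno, "type": int(m.group(1) or 0), "issues": issues})
    return findings

# Constructed sample config, not from the thread; key values are placeholders.
SAMPLE_CONFIG = """\
tacacs-server key 7 0000PLACEHOLDER
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key 7 0000PLACEHOLDER
radius server LAB-AAA
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key labsecret1
"""

if __name__ == "__main__":
    for f in audit_radius_keys(SAMPLE_CONFIG):
        print(f"line {f['line']}: type {f['type']}: {'; '.join(f['issues'])}")
```

Because either storage type leaves the key recoverable from the configuration text, the findings are most useful for deciding which saved configs and backups need restricted access.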