From what I know, when a user wants to log in to a RADIUS server, they send their username and password to a NAS, and the NAS hides the password by hashing (MD5(shared secret, request authenticator)) and then XORing with chunks of the user password, and then sends it to the RADIUS server to check.
What exactly is this shared secret? I'm not sure if it's the same thing as in a challenge-response scheme or if it's just like another password.
What is this request authenticator? (From what I've read online, I know that it's related to the secret, but I don't understand what it's used for.)
How does the RADIUS server check if the hidden password is the correct one after that hiding process?
After that, if CHAP is being used, the RADIUS server will send a challenge and ask for a response. To respond to this challenge, you must use a secret "formula" known by you and the server. Is it the same secret that the password hiding uses?
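The User-Password hiding described in this question, together with the way a server reverses it, following RFC 2865 section 5.2. This is an added example, not part of the original post; the function names are hypothetical and the secret, Request Authenticator and password values are constructed.

```python
import hashlib
import hmac

def _md5(secret: bytes, prev: bytes) -> bytes:
    # b_i = MD5(shared secret + previous 16 octets), RFC 2865 section 5.2
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: build the User-Password attribute value."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        hidden += block
        prev = block  # the next MD5 input chains on this hidden block
    return hidden

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: regenerate the same MD5 blocks and XOR them back off."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return plain.rstrip(b"\x00")  # drop the NUL padding

def server_accepts(hidden, secret, request_auth, stored_password) -> bool:
    """Compare the recovered password with the server's stored one."""
    recovered = recover_password(hidden, secret, request_auth)
    return hmac.compare_digest(recovered, stored_password)

# Constructed sample values (not from the post). A real NAS picks a fresh,
# unpredictable 16-octet Request Authenticator for every Access-Request.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
PASSWORD = b"correct horse battery"  # 21 octets, so two 16-octet blocks

if __name__ == "__main__":
    hidden = hide_password(PASSWORD, SECRET, REQUEST_AUTH)
    print(hidden.hex())
    print(server_accepts(hidden, SECRET, REQUEST_AUTH, PASSWORD))
```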