Hi, I'm in a dilemma on how this process works, especially about the shared key.
I'm currently learning Fundamentals of Network Security and came across this chapter on access-control protocols where they talk about RADIUS, TACACS+ and Kerberos.
I have never set up a RADIUS system before.
This is what the book says that got me confused.
"The shared secret is never sent out in the network".
If it's never sent out, how does the authentication happen? How does the R.Server know that the R.Client is trustable by not exchanging the secret key? How is the password encrypted?
These are the 2 websites that got me even more confused. One stated that the secret key is used for encryption with MD5 together with a random Request Authenticator string, and then the resulting hash would be XORed with the password.
The other stated the password would just directly go through an MD5 algorithm.
http://www.untruth.org/~josh/security/radius/radius-auth.html
http://www.giac.org/resources/whitepaper/access/157.php
ASKED: November 20, 2010 3:28 PM
UPDATED: November 22, 2010 11:15 PM
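Added example, not part of the original post: the User-Password hiding defined in RFC 2865 section 5.2, which is the scheme the first description in the question refers to (MD5 over the shared secret and the Request Authenticator, XORed with the password). The function names, secret and password are constructed for illustration; only the Request Authenticator and the hidden bytes would appear in the Access-Request.

```python
import hashlib
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS (RADIUS client) side: build the User-Password attribute value."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n bytes
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # Mask = MD5(secret || previous ciphertext block); first block uses RA.
        mask = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + 16], mask)
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: recompute the same masks from its own copy of the secret."""
    if not hidden or len(hidden) % 16 or len(request_auth) != 16:
        raise ValueError("malformed User-Password or Request Authenticator")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def demo() -> dict:
    secret = b"constructed-shared-secret"        # configured on both ends, never sent
    password = b"constructed user password 123"  # 29 bytes -> two 16-byte blocks
    request_auth = os.urandom(16)                # sent in the clear in Access-Request
    wire = hide_password(password, secret, request_auth)
    return {
        "wire": wire,
        "server_view": recover_password(wire, secret, request_auth),
        "wrong_secret_view": recover_password(wire, b"some-other-secret", request_auth),
        "password": password,
    }

if __name__ == "__main__":
    r = demo()
    print("on the wire :", r["wire"].hex())
    print("server sees :", r["server_view"])
    print("wrong secret:", r["wrong_secret_view"])
```

A client configured with a different secret produces bytes that unmask to garbage on the server, so the password comparison fails without the secret itself ever being transmitted.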