To: Mark Strandskov <34HLEFG@cmuvm.csv.cmich.edu> Date: Wed, 08 Mar 1995 16:24:20 -0500 From: "Allan C. Rubens" John passed on your message about encrypted TACACS. I'll try to explain how it works. It's really quite simple - just a minor hack of the real extended TACACS protocol. I assume you have the structure definition for the request and reply TACACS packets. It's included in our RADIUS release. All we do is encrypt the password in the request and append an MD5 signature to the reply to prove that the reply came from a trusted server. The hacks begin in the password field of the request. The first byte of the password string field will be a zero if a password follows or one if a CHAP challenge-reply follows. You should make sure this byte is zero for now and, if not, reject the request. The zero will be followed by the MD5 encrypted password. Immediately after the password string will be a 16 byte vector which you'll need to decrypt the password and also to generate a valid signature in the reply. Once you have the password string and the vector, decrypt the password as follows: Concatenate the secret with the 16 byte vector and compute an MD5 digest on this whole string. Now, take the computed digest and XOR it with the encrypted password. The resulting string will be the decrypted user's password. Now, you can validate the user ID and password in the normal manner. Next build the reply in the same way extended TACACS does. Note that the user ID and password are NOT sent back in the reply. A signature is appended to the packet beginning immediately after the TACACS header. Build this 16 byte signature as follows: First copy the 16 byte vector from the request to the first byte after the TACACS reply header. Now, append the secret to the vector you just copied to the reply. Then compute the MD5 digest on the entire reply, including the appended vector and secret. Copy the 16 byte MD5 computed digest (the signature) to the first byte after the TACACS header in the reply and send the reply, making sure to include the length of the appended signature in the length you specify when sending.