959 Views, 0 Helpful, 5 Replies

encryption used in tacacs+

henk.janssen
Level 1

Hi All,

Can somebody explain how tacacs+ encrypts traffic between the NAS and the server? The best I could find until now was "XOR'ing with MD5 hashes".

thanks

Henk

5 Replies

owillins
Level 6

Hi Henk,

Tacacs+ uses the MD5 algorithm to encrypt traffic. The data and the key are XORed to get the hash value, which has to match the hash value similarly calculated at the other end.

Hope this answers.

Oscar

Hello Oscar,

Just to check that I understand. The encryption in tacacs+ is only based on XORing all the data with the key known to both server and client, and the MD5 hash is used to check the integrity of the received messages. Correct?

thanks

Henk

The tacacs+ algorithm is somewhat more complex. For every packet the client/server creates an MD5 hash based on the tacacs+ key string, session id, tacacs+ header version and packet sequence number, and XORs the packet body with this hash. The other side does the same to get the decoded data. Every exchange in one session increments the sequence number, so no equal hashes are used for packet encryption. The decoded data is also checked by version, packet length field and something else to verify that decoding was correct and also to check packet integrity. See the tac_plus RFC for the full details:

ftp://ftp-eng.cisco.com/pub/tacacs/tac-rfc.1.78.txt or

http://search.ietf.org/internet-drafts/draft-grant-tacacs-02.txt
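The pad construction the reply above describes is spelled out in the draft it links (and, unchanged, in RFC 8907 section 4.5). The following is an added example written for this page, not code from the thread, from tac_plus or from libtacplus. The shared secret, session id and the username/port/address in the authentication START body are constructed demo values. It builds the pad (MD5_1 = MD5(session_id || key || version || seq_no), MD5_n = MD5(... || MD5_n-1), concatenated and truncated to the body length), XORs a START body with it on the NAS side, and reverses it on the server side. The last function shows the caveat the thread circles around: the MD5 hashes are only a keystream, so a bit flipped in transit decodes to a different username, and the only thing the receiver has to notice bad keys or tampering is the length-consistency check on the decoded body; there is no MAC.

```python
import hashlib
import struct

# Constructed demo values, not taken from the thread or from any real deployment.
SHARED_SECRET = b"demo-shared-secret"   # assumption: tacacs+ key configured on NAS and server
SESSION_ID = 0x1A2B3C4D                 # assumption: random per-session id chosen by the NAS
TAC_PLUS_VERSION = 0xC0                 # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01                  # header type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01        # flag bit set only when no obfuscation is applied
HEADER_FMT = "!BBBBII"                  # version, type, seq_no, flags, session_id, length


def tacacs_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Pseudo-random pad from draft-grant-tacacs / RFC 8907 section 4.5.

    MD5_1 = MD5(session_id || key || version || seq_no)
    MD5_n = MD5(session_id || key || version || seq_no || MD5_{n-1})
    pad   = MD5_1 || MD5_2 || ... truncated to the body length.
    session_id is 4 bytes in network byte order; version and seq_no are one byte each.
    """
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad = b""
    prev = b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()   # each block chains the previous digest
        pad += prev
    return pad[:length]


def build_header(seq_no: int, session_id: int, body_len: int, version: int = TAC_PLUS_VERSION,
                 pkt_type: int = TAC_PLUS_AUTHEN, flags: int = 0) -> bytes:
    """12-byte tacacs+ header; it is always sent in the clear."""
    return struct.pack(HEADER_FMT, version, pkt_type, seq_no, flags, session_id, body_len)


def obfuscate(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad derived from the header fields and the key.
    The same call deobfuscates, because XOR is its own inverse."""
    version, _ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, header)
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body                                  # cleartext packet, no pad applied
    if length != len(body):
        raise ValueError("header length does not match body length")
    pad = tacacs_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"",
                       action: int = 0x01, priv_lvl: int = 0x01,
                       authen_type: int = 0x01, service: int = 0x01) -> bytes:
    """Authentication START body: action=LOGIN, priv_lvl 1, authen_type=ASCII,
    service=LOGIN, four one-byte field lengths, then the variable-length fields."""
    fixed = struct.pack("!BBBBBBBB", action, priv_lvl, authen_type, service,
                        len(user), len(port), len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data


def parse_authen_start(body: bytes) -> dict:
    """Parse a decoded START body; raise if the embedded lengths disagree with its size.
    This consistency check is the only clue the receiver gets that the key (and so the
    pad) was right. It is not an integrity check."""
    if len(body) < 8:
        raise ValueError("body too short")
    action, priv_lvl, authen_type, service, ul, pl, rl, dl = struct.unpack("!BBBBBBBB", body[:8])
    if 8 + ul + pl + rl + dl != len(body):
        raise ValueError("field lengths do not add up: wrong key or corrupted packet")
    off = 8
    user = body[off:off + ul]; off += ul
    port = body[off:off + pl]; off += pl
    rem_addr = body[off:off + rl]; off += rl
    data = body[off:off + dl]
    return {"action": action, "priv_lvl": priv_lvl, "authen_type": authen_type,
            "service": service, "user": user, "port": port, "rem_addr": rem_addr, "data": data}


def nas_to_server_roundtrip(key_nas: bytes, key_server: bytes) -> dict:
    """NAS obfuscates a START (seq_no 1); the server deobfuscates with its own key."""
    body = build_authen_start(b"alice", b"tty0", b"10.0.0.5")
    header = build_header(seq_no=1, session_id=SESSION_ID, body_len=len(body))
    wire = obfuscate(header, body, key_nas)
    return parse_authen_start(obfuscate(header, wire, key_server))


def bit_flip_demo(key: bytes) -> bytes:
    """Flip one bit of the obfuscated username in transit: the server decodes a
    different username and raises no error, because the pad carries no integrity."""
    body = build_authen_start(b"alice", b"tty0", b"10.0.0.5")
    header = build_header(seq_no=1, session_id=SESSION_ID, body_len=len(body))
    wire = bytearray(obfuscate(header, body, key))
    wire[8] ^= 0x01                                  # byte 8 is the 'a' of "alice"
    return parse_authen_start(obfuscate(header, bytes(wire), key))["user"]


if __name__ == "__main__":
    print(nas_to_server_roundtrip(SHARED_SECRET, SHARED_SECRET))
    print(bit_flip_demo(SHARED_SECRET))              # b'`lice'
    try:
        print(nas_to_server_roundtrip(SHARED_SECRET, b"wrong-key"))
    except ValueError as e:
        print("server rejected:", e)
```

Because the body is 25 bytes, the pad needs two chained MD5 blocks, which exercises the MD5_n construction rather than only MD5_1. Note that the sequence number is a single byte that must increment per packet within a session, so the pad for seq_no 1 and seq_no 2 differs even with the same key and session id, which is the "no equal hashes" property the reply mentions.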

noc
Level 1

You can see the libtacplus source at

http://sourceforge.net/projects/libtacplus

Does anyone know if Cisco has plans to propose a replacement to MD5 (SHA1, perhaps)?
