03-31-2003 05:47 AM - edited 03-10-2019 07:13 AM
Hi All,
Can somebody explain how TACACS+ encrypts traffic between NAS and server? The best I could find until now was "XOR'ing with MD5-hashes".
thanks
Henk
04-04-2003 08:15 AM
Hi Henk,
TACACS+ uses the MD5 algorithm to encrypt traffic. The data and the key are XORed to get the hash value, which has to match the hash value similarly calculated at the other end.
Hope this answers.
Oscar
04-06-2003 11:41 PM
Hello Oscar,
Just to check I understand. The encryption in tacacs+ is only based on XORing all the data with the key known to both server and client. The MD5-hash is used to check the integrity of the received messages. Correct?
thanks
Henk
04-08-2003 09:39 PM
The TACACS+ algorithm is somewhat more complex. For every packet, the client/server creates an MD5 hash based on the TACACS+ key string, session id, TACACS+ header version and packet sequence number, and XORs the packet body with this hash. The other side does the same to get the decoded data. Every exchange in one session increments the sequence number, so no equal hashes are used for packet encryption. The decoded data is also checked by version, the packet length field and something else, to check whether decoding was correct and also to check packet integrity. See the tac_plus RFC for the full details at
ftp://ftp-eng.cisco.com/pub/tacacs/tac-rfc.1.78.txt or
http://search.ietf.org/internet-drafts/draft-grant-tacacs-02.txt
04-08-2003 09:50 PM
you can see libtacplus source from
01-11-2005 09:18 AM
Does anyone know if Cisco has plans to propose a replacement to MD5 (SHA1, perhaps)?