Cisco Support Community

New Member

encryption used in tacacs+

Hi All,

Can somebody explain how TACACS+ encrypts traffic between NAS and server? The best I could find until now was "XOR'ing with MD5-hashes".

thanks

Henk

5 REPLIES
Silver

Re: encryption used in tacacs+

Hi Henk,

TACACS+ uses the MD5 algorithm to encrypt traffic. The data and the key are XORed to get the hash value, which has to match the hash value similarly calculated at the other end.

Hope this answers.

Oscar

New Member

Re: encryption used in tacacs+

Hello Oscar,

Just to check I understand. The encryption in tacacs+ is only based on XORing all the data with the key known to both server and client. The MD5-hash is used to check the integrity of the received messages. Correct?

thanks

Henk

noc
New Member

Re: encryption used in tacacs+

The TACACS+ algorithm is somewhat more complex. For every packet, the client/server creates an MD5 hash based on the TACACS+ key string, session id, TACACS+ header version, and packet sequence number, and XORs the packet body with this hash. The other side does the same to get the decoded data. Every exchange in one session increments the sequence number, so no equal hashes are used for packet encryption. Also, the decoded data is checked by version, the packet length field and something else to check whether decoding was correct and also to check packet integrity. See the tac_plus RFC to get the full details from

ftp://ftp-eng.cisco.com/pub/tacacs/tac-rfc.1.78.txt or

http://search.ietf.org/internet-drafts/draft-grant-tacacs-02.txt
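The per-packet MD5 pad described in the reply above, as an added example that is not part of any poster's message and is not libtacplus code. It follows the pad construction in the TACACS+ draft (MD5 chained over session id, key, version and sequence number); the key, session id and body are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(key: bytes, session_id: int, version: int, seq_no: int, length: int) -> bytes:
    """Build the pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}),
    concatenated and truncated to the body length."""
    # session_id is the 4-byte header field in network byte order;
    # version and seq_no are the single header bytes.
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body: bytes, key: bytes, session_id: int, version: int, seq_no: int) -> bytes:
    """XOR the packet body with the pad. The same call reverses it."""
    pad = pseudo_pad(key, session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

# Constructed sample values (not taken from any real deployment).
KEY = b"constructed-shared-secret"
SESSION_ID = 0x1A2B3C4D
VERSION = 0xC0  # major version 0xC, minor version 0
BODY = b"constructed 40-byte sample packet body.."  # spans three MD5 blocks

if __name__ == "__main__":
    wire1 = obfuscate(BODY, KEY, SESSION_ID, VERSION, seq_no=1)
    wire3 = obfuscate(BODY, KEY, SESSION_ID, VERSION, seq_no=3)
    print("seq 1:", wire1.hex())
    print("seq 3:", wire3.hex())  # same body, different pad
    # The receiver repeats the operation with the same header fields and key.
    print("decoded:", obfuscate(wire1, KEY, SESSION_ID, VERSION, seq_no=1))
    # A mismatched key produces different bytes without raising any error, so
    # the receiver only notices through sanity checks on the decoded fields.
    print("wrong key:", obfuscate(wire1, b"other-key", SESSION_ID, VERSION, seq_no=1))
```

MD5 is used here only as a pad generator over the header fields and the key; nothing in this construction is a keyed checksum over the body.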

noc
New Member

Re: encryption used in tacacs+

You can see the libtacplus source at

http://sourceforge.net/projects/libtacplus

New Member

Re: encryption used in tacacs+

Does anyone know if Cisco has plans to propose a replacement to MD5 (SHA1, perhaps)?
