The worlds most popular RADIUS server.
Joined October 2009
- Tweets 510
- Following 64
- Followers 855
- Likes 24
17 Photos and videos
Pinned Tweet
17 Apr 2015
In-depth documentation for nearly all modules is now available at networkradius.com/doc/3.0.7/…
3
4
9
freeradius retweeted
Feb 19
Un ancien physicien canadien contrôle l'authentification de 100 millions d'utilisateurs quotidiens. Alan DeKok maintient seul FreeRADIUS depuis 1999 — la moitié des connexions internet mondiales passent par son code.
da.van.ac/un-physicien-nucle…
4
1
412
13 Apr 2025
There is a lot of misleading security advice out there. e.g. many sites copy the same tired myths about PAP vs CHAP.
This is wrong: baeldung.com/cs/authenticati…
The truth: inkbridgenetworks.com/blog/b…
Don't use CHAP. PAP is better.
@michal_aibin
2
4
535
15 Mar 2025
The RADIUS conference went very well. We have agreement from operators and impementers on how to fix long-standing issues with the protocol. radiusconference.org/
2
6
416
13 Mar 2025
Just gave a talk on the history of RADIUS. So many v4 questions. :)
6
319
12 Feb 2025
Klass Weirenga is speaking at the RADIUS conference in March. radiusconference.org/speaker… @eduroam
2
253
freeradius retweeted
23 Jan 2025
Meet @AlanDekok, creator of FreeRADIUS and the person who made your network actually work (you're welcome).
Join him at RADIUS Conference 2025 for some free, real talk on auth infrastructure:
Online: March 13
Register: radiusconference.org
#InfoSec #NetworkInfrastructure
1
2
6
375
6 Nov 2024
The RADIUS experts at dinner. @RadiatorAAA , radsecproxy, FreeRADIUS, and the author of the upcoming RADIUS/TLS RFC.
2
8
359
19 Sep 2024
Apparently some vendors are still having issues with BlastRADIUS fixes. Not sure why. Message-Authenticator has been defined for 25 years. i.e. longer than the IT career of most engineers working on the fixes.
2
1
4
427
23 Jul 2024
There are still some cloud identity providers who claim that PAP is insecure. If you read the BlastRADIUS paper, the cryptographers say otherwise.
Who should you believe? Crypto experts, or a random marketing person?
You can keep using PAP. It's fine.
1
3
329
23 Jul 2024
There are still some cloud identity providers recommending RADIUS/UDP and MS-CHAP. If you do this, then consider all your passwords to be compromised.
Don't use MS-CHAP, or MS-CHAPv2.
1
1
6
452
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue.
If you're using RADIUS for administrator authentication to devices: upgrade. Don't switch to TACACS . Just upgrade your RADIUS server and / or RADIUS client. You will be fine.
3
7
394
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue.
If you're using RADIUS for administrator authentication to devices: upgrade. Don't switch to TACACS . Don't believe anyone who says it's a viable option: they're incompetent.
2
6
362
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue.
TACACS can't replace RADIUS. TACACS is used only for administrator authentication and authorization. It cannot control network access for devices.
4
215
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue.
TACACS can't replace RADIUS. It has an unauthenticated mode, where all passwords are sent in clear-text across the wire. So it has MUCH worse security.
2
172
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue.
TACACS can't replace RADIUS. It uses almost the same MD5-based constructs as RADIUS, so it doesn't increase security.
2
152
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue.
Diameter isn't an option. Most common uses of Diameter have LESS security than RADIUS. And Diameter is being replaced with HTTPS3 (JSON over QUIC)
3
3
312
13 Jul 2024
There is a LOT of misinformation about the BlastRADIUS issue. Almost all of this is covered in the paper at blastradius.fail
What doesn't work?
* Changing timeouts
* switching to Kerberos, Diameter, TACACS , IPSec
4
8
484
freeradius retweeted
9 Jul 2024
blastradius.fail
RADIUS/UDP considered harmful:
RADIUS/UDP vulnerable to MD5 chosen-prefix collision attack #BlastRADIUS
Great joint work with @goldbe @miro_haller @nadiaheninger Mike Milano @realDBRGBreaker Adam Suhl!
2
36
65
8,387
9 Jul 2024
cve.org/CVERecord?id=CVE-202…
Upgrade all of your switches, routers, VPN concentrators, firewalls, access point controllers...
inkbridgenetworks.com/blastr…
1
4
291
9 Jul 2024
Oh boy. Upgrade ALL RADIUS clients and servers. World-wide. Full details at inkbridgenetworks.com/blastr…
1
128