max length of radius secret in radcli

[DimitriPapadopoulos]

See openconnect/recipes !28:

[...] discovered radius authentication is not working because authentik-radius outpos has shared secret 128 characters in length while radcli silently limits length to be less than 96 characters.

This appears to be the source of this limitation:

radcli/include/radcli/radcli.h

Line 56 in 153452b

#define MAX_SECRET_LENGTH (6 * 16) /* MUST be multiple of 16 */

Would it make sense to increase it to 8 * 16?

[nmav]

The question would be why the existing limit is not enough? There always be some use for an extremely large number of characters, but the default values do not necessarily need to cope for that. To change the default the best would be to understand the reason to do so.

[DimitriPapadopoulos]

The "reason" is:

authentik-radius outpos has shared secret 128 characters in length

The max length is probably buried somewhere in https://github.com/goauthentik/authentik/tree/main/authentik/providers/radius or even higher up under https://github.com/goauthentik/authentik/tree/main.

[nmav]

So it generates a 128-character secret by default or it has a max length of 128-characters?

[DimitriPapadopoulos]

It's hard to infer from the source code. I'll ask the end-user...

[DimitriPapadopoulos]

When authenticating using radtest from freeradius, with 1234 as the password, the authentik radius server sends this JSON message internally:

[Path with value: /password:1234]
[Member with value: password:1234]
String value: 1234
Key: password
[Path: /password]

When authenticating using radtest from ocserv, again with 1234 as the password, the authentik radius server sends that JSON message:

[Path with value: /password:YS\ufffd\ufffd\u0007ag\ufffdag\ufffdiS\ufffd\ufffd\ufffd\ufffd\u001e\ufffd]
[Member with value: password:YS\ufffd\ufffd\u0007ag\ufffdag\ufffdiS\ufffd\ufffd\ufffd\ufffd\u001e\ufffd]
String value: YS\ufffd\ufffd\u0007ag\ufffdag\ufffdiS\ufffd\ufffd\ufffd\ufffd\u001e\ufffd
Key: password
[Path: /password]

Do you have an clue where this difference come from? Could ocserv be hashing the 1234 password to something starting with YS?

[corpix]

@DimitriPapadopoulos I am not an expert in authentik, but it looks like secret is generated during radius outpost setup in authentik web interface

Not sure why it is 128, I've read the User-Password section of the RFC2865, it is not very clear for me, but I don't think there is an upper limit on the password length.
I have also gave a quick grep on freeradius sources and haven't found any limits for password length.

I think it may be a good idea to ask @kensternberg-authentik or @BeryJu (they have touched the authentik radius wizard code corresponding to git blame 🙂 ) why 128 was chosen.

[DimitriPapadopoulos]

Thank you so much for the links. They are not crystal clear to me either, but RFC2865 does say:

The String field is between 16 and 128 octets long, inclusive.

[BeryJu]

I honestly don't remember why the default secret length was set to 128, but it has been that value from the start: goauthentik/authentik@3f5effb

[DimitriPapadopoulos]

However, I am not an expert of Radius, and still fail to understand how the following relate and interact:

• User-Password which is between 16 and 128 octets long,
• the shared secret,

• radcli/include/radcli/radcli.h

  Line 49 in 153452b

  #define AUTH_PASS_LEN (7 * 16) /* multiple of 16 */

• radcli/include/radcli/radcli.h

  Line 56 in 153452b

  #define MAX_SECRET_LENGTH (6 * 16) /* MUST be multiple of 16 */

[DimitriPapadopoulos]

The shared secret should be at least 16 octets:

The secret (password shared between the client and the RADIUS server) SHOULD be at least as large and unguessable as a well-chosen password. It is preferred that the secret be at least 16 octets.

A Google search came up with empirical information on upper limits:

• Please enlarge the maximum Shared secret lengt in RADIUS Authenticattion Server settings

  Microsoft RADIUS server does go up to 128 chars.

• Technical Tip: The maximum radius secret key length for FortiOS_

  In conclusion, the maximum length of Radius Secret key on the FortiOS is 128 characters.

• /etc/radius/clients file from the AIX documentation

  The maximum length of the shared secret is 256 bytes and is case sensitive.

• Best Practices for Implementing a Radius Server​

  If you are looking for maximum security, make your shared secret up to 128 characters long.

• Configuring a RADIUS Server from the ArubaOS documentation:

  Shared secret between the controller and the authentication server. The maximum length is 128 characters.

• Configuring RADIUS Servers from Check Point's Gaia R81 Administration Guide

  Enter the shared secret text string up to 256 characters, without any whitespace characters and without a backslash.

  Some RADIUS servers have a maximum string length for shared secret of 15 or 16 characters.

• RadiusSettings from the AWS Directory Service Documentation

  Length Constraints: Minimum length of 8. Maximum length of 512.

• Client Definitions from The FreeRADIUS Server documentation

  The secret can be any string, up to 8k characters in length.

  However, the client source code begs to differ as far as I can understand:

  include/freeradius-client.h
  Line 61 in 5a7c776

  #define MAX_SECRET_LENGTH	(16 * 16) /* MUST be multiple of 16 */

A maximal length of 256 would cover a majority of commercial RADIUS servers, would be compatible with FreeRADIUS, and should cover most use cases in practice.

[nmav]

The shared secret is the secret between ocserv and radius server.

[DimitriPapadopoulos]

Yes, it took me some time, but I eventually sorted it out 😄