Chapter 5 Security
Use the same case-sensitive shared secret on both RADIUS devices.
•
Use a different shared secret for each RADIUS server-RADIUS client pair.
•
To ensure a random shared secret, generate a random sequence at least 22 characters long.
•
You can use any standard alphanumeric and special characters.
•
You can use a shared secret of up to 128 characters in length. To protect your server and your
•
RADIUS clients from brute force attacks, use long shared secrets (more than 22 characters).
Make the shared secret a random sequence of letters, numbers, and punctuation and change it often
•
to protect your server and your RADIUS clients from dictionary attacks. Shared secrets should
contain characters from each of the three groups listed in
Table 5-4
Group
Letters (uppercase and lowercase)
Numerals
Symbols (all characters not defined as letters or
numerals)
The stronger your shared secret, the more secure are the attributes (for example, those used for
passwords and encryption keys) that are encrypted with it. An example of a strong shared secret is
8d#>9fq4bV)H7%a3-zE13sW$hIa32M#m<PqAa72(.
78-18400-01
Shared Secret Character Groups
Table
5-4.
Examples
A, B, C, D and a, b, c, d
0, 1, 2, 3
Exclamation point (!), asterisk (*), colon (:)
Cisco ONS 15600 SDH Reference Manual, Release 9.0
5.4.2 Shared Secrets
5-9