vforteli/Flexinets.Radius.Core

MD5 usage in RadiusPassword.cs file

Closed this issue · 1 comments

Hi,

We have done a security scan using SonarQube, which reported the usage of the MD5 hashing algorithm as insecure. When we try to change to SHA256 it is not working. We tried the following.

using (var sha256 = SHA256.Create()) { return sha256.ComputeHash(responseAuthenticator); }

Appreciate your inputs.

MD5 is part of the specification, so you can't get rid of it. Besides, the cryptographic features of the RADIUS protocol itself have been broken since pretty much forever. So in other words, RADIUS must always be tunneled and used between trusted parties.
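
Why the swap described in this issue cannot interoperate, as an added example that is not part of the original thread or of the Flexinets code base: RFC 2865 defines the Response Authenticator as a 16-octet MD5 digest over the packet and the shared secret, and the receiving peer recomputes that exact value. The class name, helper, shared secret and packet contents below are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ResponseAuthenticatorDemo
{
    // RFC 2865, section 3:
    // ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    // Hypothetical helper: hashes the same input with whichever algorithm is passed in.
    static byte[] Digest(HashAlgorithm hash, byte[] header, byte[] requestAuth,
                         byte[] attributes, byte[] secret)
    {
        var input = header.Concat(requestAuth).Concat(attributes).Concat(secret).ToArray();
        return hash.ComputeHash(input);
    }

    static void Main()
    {
        // Constructed sample values, not captured from a real exchange.
        var secret = Encoding.UTF8.GetBytes("example-shared-secret");
        var requestAuth = Enumerable.Range(0, 16).Select(i => (byte)i).ToArray();
        var attributes = new byte[] { 18, 4, (byte)'o', (byte)'k' }; // Reply-Message "ok"
        int length = 20 + attributes.Length;                         // 20-octet header + attributes
        var header = new byte[] { 2, 1, (byte)(length >> 8), (byte)length }; // Access-Accept, ID 1

        using (var md5 = MD5.Create())
        using (var sha256 = SHA256.Create())
        {
            // What a spec-compliant peer computes and expects in the 16-octet field.
            var expected = Digest(md5, header, requestAuth, attributes, secret);
            // What the change from the issue would send instead.
            var swapped = Digest(sha256, header, requestAuth, attributes, secret);

            Console.WriteLine($"MD5 digest:     {expected.Length} octets");
            Console.WriteLine($"SHA-256 digest: {swapped.Length} octets");

            // The SHA-256 output does not fit the Authenticator field, and even
            // truncated to 16 octets it does not match the value the peer recomputes.
            bool accepted = swapped.Take(16).SequenceEqual(expected);
            Console.WriteLine($"Peer accepts SHA-256 authenticator: {accepted}");
        }
    }
}
```

Because the algorithm is fixed by the wire format, the scanner finding is handled by documenting it as a protocol requirement and protecting the traffic with a tunnel, as the reply above says, rather than by changing the hash.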