RADIUS attribute from RFC 2869


Message-Authenticator

      This attribute MAY be used to sign Access-Requests to prevent
      spoofing Access-Requests using CHAP, ARAP or EAP authentication
      methods.  It MAY be used in any Access-Request.  It MUST be used
      in any Access-Request, Access-Accept, Access-Reject or Access-
      Challenge that includes an EAP-Message attribute.

      A RADIUS Server receiving an Access-Request with a Message-
      Authenticator Attribute present MUST calculate the correct value
      of the Message-Authenticator and silently discard the packet if it
      does not match the value sent.

      A RADIUS Client receiving an Access-Accept, Access-Reject or
      Access-Challenge with a Message-Authenticator Attribute present
      MUST calculate the correct value of the Message-Authenticator and
      silently discard the packet if it does not match the value sent.

      Earlier drafts of this memo used "Signature" as the name of this
      attribute, but Message-Authenticator is more precise.  Its
      operation has not changed, just the name.

   A summary of the Message-Authenticator attribute format is shown
   below.  The fields are transmitted from left to right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |     String...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      80 for Message-Authenticator

   Length

      18

   String

      When present in an Access-Request packet, Message-Authenticator is
      an HMAC-MD5 checksum of the entire Access-Request packet,
      including Type, ID, Length and authenticator, using the shared
      secret as the key, as follows.

      Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
      Request Authenticator, Attributes)

      When the checksum is calculated the signature string should be
      considered to be sixteen octets of zero.

      For Access-Challenge, Access-Accept, and Access-Reject packets,
      the Message-Authenticator is calculated as follows, using the
      Request-Authenticator from the Access-Request this packet is in
      reply to:

      Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
      Request Authenticator, Attributes)

      When the checksum is calculated the signature string should be
      considered to be sixteen octets of zero.  The shared secret is
      used as the key for the HMAC-MD5 hash.  The Message-Authenticator
      is calculated and inserted in the packet before the Response
      Authenticator is calculated.
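      The computation above, for both the Access-Request case and the
      reply case, together with the "recompute and silently discard on
      mismatch" rule, as an added worked example in Python.  This is
      illustrative code written for this page, not an implementation
      from the RFC or from any RADIUS product.  It assumes a shared
      secret and packet contents that are constructed here for the
      demonstration; the Response Authenticator formula it uses
      (MD5 over Code, ID, Length, Request Authenticator, Attributes and
      the shared secret) comes from RFC 2865 section 3, not from this
      page.

```python
import hashlib
import hmac
import os
import struct

# Packet codes and attribute types used below (RFC 2865 / RFC 2869 values).
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
REPLY_CODES = (ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE)

HEADER = struct.Struct("!BBH16s")  # Code, Identifier, Length, Authenticator


def encode_attrs(attrs):
    """Serialize (type, value) pairs as RADIUS TLVs; Length counts the two header octets."""
    out = bytearray()
    for t, v in attrs:
        if len(v) > 253:
            raise ValueError("attribute value too long")
        out += bytes((t, len(v) + 2)) + v
    return bytes(out)


def walk_attrs(body):
    """Yield (offset, type, length) per TLV, rejecting truncated or zero-length ones."""
    i = 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute at offset %d" % i)
        yield i, body[i], body[i + 1]
        i += body[i + 1]


def compute_message_authenticator(packet, secret, request_authenticator):
    """HMAC-MD5 keyed with the shared secret over Code, Identifier, Length, Request
    Authenticator and Attributes, with the 16 octets of the Message-Authenticator value
    taken as zeros.  For an Access-Request the Request Authenticator is the packet's own;
    for a reply it is the one from the Access-Request being answered."""
    code, ident, length, _ = HEADER.unpack_from(packet)
    if length != len(packet):
        raise ValueError("Length field does not match packet size")
    body = bytearray(packet[HEADER.size:])
    found = False
    for off, t, l in walk_attrs(body):
        if t == MESSAGE_AUTHENTICATOR:
            if l != 18 or found:
                raise ValueError("bad or duplicate Message-Authenticator")
            body[off + 2:off + 18] = bytes(16)  # "sixteen octets of zero"
            found = True
    if not found:
        raise ValueError("no Message-Authenticator attribute")
    hashed = HEADER.pack(code, ident, length, request_authenticator) + bytes(body)
    return hmac.new(secret, hashed, hashlib.md5).digest()


def stored_message_authenticator(packet):
    """Return the Message-Authenticator value as sent, or None if absent."""
    body = packet[HEADER.size:]
    for off, t, l in walk_attrs(body):
        if t == MESSAGE_AUTHENTICATOR and l == 18:
            return body[off + 2:off + 18]
    return None


def sign_request(ident, secret, attrs, request_authenticator=None):
    """Client side: build an Access-Request whose last attribute is a correct
    Message-Authenticator.  The Request Authenticator is random per RFC 2865."""
    ra = request_authenticator or os.urandom(16)
    body = encode_attrs(attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))])
    pkt = HEADER.pack(ACCESS_REQUEST, ident, HEADER.size + len(body), ra) + body
    return pkt[:-16] + compute_message_authenticator(pkt, secret, ra)


def verify_request(packet, secret):
    """Server side: recompute and compare in constant time.  False means the server
    must silently discard the packet."""
    try:
        ra = HEADER.unpack_from(packet)[3]
        expected = compute_message_authenticator(packet, secret, ra)
    except (ValueError, struct.error):
        return False
    return hmac.compare_digest(expected, stored_message_authenticator(packet))


def sign_response(code, request_packet, secret, attrs):
    """Server side: Message-Authenticator first (keyed on the request's Request
    Authenticator), then the Response Authenticator over the finished attributes."""
    _, ident, _, ra = HEADER.unpack_from(request_packet)
    body = encode_attrs(attrs + [(MESSAGE_AUTHENTICATOR, bytes(16))])
    length = HEADER.size + len(body)
    mac = compute_message_authenticator(HEADER.pack(code, ident, length, ra) + body, secret, ra)
    body = body[:-16] + mac
    # RFC 2865 section 3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(HEADER.pack(code, ident, length, ra) + body + secret).digest()
    return HEADER.pack(code, ident, length, resp_auth) + body


def verify_response(packet, request_packet, secret):
    """Client side: check identifier, Message-Authenticator and Response Authenticator."""
    try:
        code, ident, length, resp_auth = HEADER.unpack_from(packet)
        _, req_ident, _, ra = HEADER.unpack_from(request_packet)
        if code not in REPLY_CODES or ident != req_ident or length != len(packet):
            return False
        mac = compute_message_authenticator(packet, secret, ra)
    except (ValueError, struct.error):
        return False
    body = packet[HEADER.size:]
    expected_ra = hashlib.md5(HEADER.pack(code, ident, length, ra) + body + secret).digest()
    return (hmac.compare_digest(mac, stored_message_authenticator(packet))
            and hmac.compare_digest(expected_ra, resp_auth))
```

      Note that the request-side and reply-side computations are the
      same function; only the source of the Request Authenticator
      differs.  Keeping the Message-Authenticator as the last attribute
      is a convenience for this example, not a requirement of the
      attribute definition.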

      This attribute is not needed if the User-Password attribute is
      present, but is useful for preventing attacks on other types of
      authentication.  This attribute is intended to thwart attempts by
      an attacker to setup a "rogue" NAS, and perform online dictionary
      attacks against the RADIUS server.  It does not afford protection
      against "offline" attacks where the attacker intercepts packets
      containing (for example) CHAP challenge and response, and performs
      a dictionary attack against those packets offline.

      IP Security will eventually make this attribute unnecessary, so it
      should be considered an interim measure.