Make It Easier For Administrators Use PKCS-5 to convert ordinary secrets to strong ones: Start with “precursor” secret “Amplify” its security by repeated PKCS-5 hashing Precursor secret can be administrator-friendly: Can be remembered Doesn’t need to be written down Amplified shared secret: Is much more resistant to dictionary attack Can be generated via simple utility (need not be built in to RADIUS clients and servers) Can be configured into existing RADIUS equipment by copy-and-paste Can be regenerated as needed from precursor |