On Tue, Apr 02, 2002 at 05:53:28PM -0600, McNutt, Justin M. wrote: > The problem I have with all of this is the fact that the actual passwords can be >deduced using the "cleartext equivalent" that MS stores. This is a huge weakness in >NT/2K-based authentication that I was hoping to get around using FreeRADIUS. >
The actual password cannot be deduced from the cleartext equivalent in any way other than dictionary attack / guessing (same as for unix crypt or md5). The only problem with this is that the M$ hash has no salt, so an attacker can precompile a dictionary. However, a salt is relatively useless as the md4 hash (what M$ stores) is cleartext equivalent, so an attacker does not need to deduce the actual password -- at least not for purposes of using M$ style authenticated resources. So MS-CHAP is not worse than regular CHAP (essentially EAP-MD5) in this regard. There is definitely a problem if someone has the md4's and a user re-uses their password on other systems, eg to authenticate to both unix and windows machines. You could use PAP auth or perhaps EAP-TLS. PAP auth has the disadvantage of the password going over the wire in the clear to the NAS, so you have to weigh your concerns here. I don't know of any radius servers that do EAP-TLS. (But then, I know almost nothing about EAP period.) There are better ways to do this, but there are no implementations of them. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
