Tom Rixom wrote:
How do you explain that Microsoft Clients almost all use MSCHAP in some form to authenticate and that all Microsoft passwords are stored in encrypted form... ;)
remark: i've never talked about encryption. encryption is always reversible, provided that you have the key.
i've also never tried to explain ms-chap. simply read the original mail, there is a claim inside which can be understood as "take hashX, store the passwords hashed with hashX, and it'll be ok for your challenge/response system". ahem, no, it won't!
I can't recall the exact specs of MSCHAPV2 but the I remember it to be
something like:
Client Server <------------------- CHALLENGE ----> HASH( CHALLENGE + NTHASH(PASSWORD))
server retrieves NTHASH(PASSWORD) from LDAP database.
server verifies HASH(CHALLENGE + NTHASH(PASSWORD))
what you've sent here is exactly what i've sent: replace password with nthash(password). this is like renaming X to Y. if i am an attacker and i'm trying to attack such a system, why would i bother to want to know the password? the nthash of it is sufficient. even the dictionary attack is not really more difficult here; you have to hash twice... that's not an improvement.
otherwise it is like chap. i would agree however that in that scheme nthash does not have to be reversible; however, it is not used on the challenge neither. thus, that was not the point of my email.
the point was that you can't say that using the same hash function will work. indeed, in your example above the HASH and the NTHASH function need not be equivalent.
ciao artur
-- __________________________________________________________ Artur Hecker http://www.enst.fr/~hecker Groupe AccÃs et Mobilità / Computer Science and Networks E N S T Paris ___________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
