Hi Arthur,

Please do not take my e-mails personally... I must say that I thought
you might be one of those show-offs who pick through people's e-mails looking
for mistakes and then completely miss the point of the e-mail. My apologies
if I am mistaken.

I just think you might have misread the post you reacted to.

I read it as this:

> OK, time for some user education has to happen here.  (Feel free to correct me
> if this is in any way wrong) NT-Hash is a password encryption technology just
> like crypt is a password encryption technology.  If you have a clear text
> password you can encrypt it and come out with a NT-Hash password, or you could
> encrypt it and come out with a crypt password.  However, once it is in an
> encrypted form it is impossible to compare two different encryption forms to
> tell if it is the same password.  

MD5 and MSCHAP both use hashed passwords which are irreversible.

> PEAP / MSCHAPv2 passes the password encrypted with NT-Hash encryption, so it is 
> impossible to compare it against the crypt
> password stored in LDAP.  

PEAP-MSCHAPV2 however sends the NTHASH over the line (cryptographically speaking).
In MS-CHAPV2 the NTHASH is compared (cryptographically speaking) to the stored
NTHASH in a database (Microsoft SAM for example).

> It is also impossible to decrypt the NT-Hash password
> back to a clear text password, so the password passed with PEAP / MSCHAPv2
> cannot be used in a LDAP bind either.  

The NT hashed password cannot be used with normal LDAP bind.

> It is possible to use PEAP / MSCHAPv2
> with LDAP, however one must store the NT-Hash password in LDAP.  I've had the
> same problem with crypts as my password encryption in LDAP.  I ended having to
> create an extra LDAP attribute for NT-Hash passwords.  

But by storing the NT hashed password in LDAP and reading it out during authentication
it is therefore possible to use PEAP-MSCHAPV2.

> Whenever a user now goes
> through a password change, the NT-Hash password attribute will also be
> populated at the same time the crypt password is changed in LDAP.  After you
> set this up, make sure to define the attribute in the ldap.attrmap for
> NT-Password and it will work great with PEAP / MSCHAPv2.

Except that you have to update two entries in your LDAP when doing a password change.

What is wrong with that story?

Regards,

Tom Rixom

> -----Original Message-----
> From: Artur Hecker [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 26, 2004 11:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: PEAP / MSCHAP2 / LDAP
> 
> 
> hi
> 
> 
> > I just can't leave it alone.... sorry...
> 
> yes it actually seems to bother you more than i would have expected, but
> well... :-)
> 
> 
> > You talk about an attacker attacking the NTHASH...
> > 
> > Why did you bring this in? I thought the discussion was about 
> > PEAP-MSCHAPV2 LDAP compatibility...
> 
> actually, for me it was kind of about clear-text password and
> challenge-response systems, but ok. i didn't want to think about it in
> mschap-dimensions only. the attack remark was supposed to clarify that
> mschap didn't essentially change the problem.
> 
> 
> > PEAP makes sure the attacker can't get at MSCHAPV2 and MSCHAPV2
> > allows the use of an database fill of hashed passwords which
> > could be considered safer than clear text...
> > 
> > So why talk about attacking the NTHASH... I don't understand... why?
> 
> i wasn't talking about attacks against NT-HASH and not about PEAP. we 
> were talking about MS-CHAP (which actually exists without PEAP.)
> 
> i just made the remark that the system as you presented it does not
> change much for the discussion of the basics (which we were leading in
> my opinion). once again, for me, the only important point was that given
> one hash function it would be wrong to generally conclude that you can
> store the hashed password and then use the same hash function in the
> related challenge response protocol. ok? that is all that counts.
> 
> now, for the database... i agree that you gain the advantage of not
> storing the clear text passwords (however probably without any salt).
> but that has nothing to do with the equality of hashes etc. as i said,
> "nt-hash" is not equal "hash" in your own post and it still works.
> 
> 
> > Maybe you were talking about an inside attack, when the NTHASH
> > is retrieved from LDAP? But again can't SSL be used to secure the line?
> 
> again, i wasn't talking about PEAP at all.
> 
> 
> ciao
> artur
> 
> 
> -- 
> __________________________________________________________
> Artur Hecker                  http://www.enst.fr/~hecker
> Groupe Accès et Mobilité  /  Computer Science and Networks
> E N S T  Paris ___________________________________________
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 