Ascend Archive

Re: (ASCEND) CHAP authentication - I hate to ask, but...
In message <33B3B132.1706@ibh-dd.de>, Andre Beck writes:
> That's why MS-CHAP is probably really better, even if we don't like
> the fact that it's made by M$.

Actually, no, MS-CHAP is exactly the same as CHAP in that respect -- all
that was done was that they changed what they're considering to be the
clear-text secret from a user-typed string to a string derived from a
user-typed string via a hash and substituted a different verification
hash.

MS-CHAP works by first hashing the user's "password" via either DES or
MD4 (depending on the version) into a key value.  This key value is the
value which is actually stored in the NT registry.  The challenge is then
encrypted using DES with this key value as the DES key to generate the
response.  (In much the same manner that standard CHAP hashes the challenge
value plus the ID field and the shared secret using MD5.)

Note that it's not at all necessary for a system cracker to have the user's
"password" in order to authenticate himself to an NT server running MS-CHAP.
All that is necessary is that key value, which is conveniently stored in
clear-text form in the NT registry.  There's no way an NT server can possibly
tell whether the remote peer started with the user's "password" and hashed
that to arrive at the key value, or if he had a stolen copy of the key value
and skipped the initial step entirely.  All it cares about is the result
of the DES hash using the challenge and the key value alone.

If you consider the DES hash to be an acceptable substitute for the MD5 hash,
then MS-CHAP is exactly the same as CHAP in terms of security up to this
point.

I'm not at all a Microsoft software expert, nor would I claim to know exactly
what weaknesses are extant in their system.  I do know that a utility called
"PWDUMP" has been described in several industry publications, and that it
claims to be able to dump the contents of the NT registry.  If this includes
the hashed user passwords (what I call the "key values" above), then I think
they're sunk.

MS-CHAP also offers the ability for a user to change his password once
authenticated.  If a cracker steals one of these key values and then uses
this feature to change the key value for which he does know the "source"
password, then he will be able to authenticate himself to the NT system
for complete access as that user and will also conveniently lock out that
pesky legitimate user.

C2?  Hmm.  Interesting.

---
James Carlson <carlson@xylogics.com>, Prin Engr   Tel:  +1 508 916 4351
Bay Networks - Annex I/F Develop. / 8 Federal ST        +1 800 225 3317
Mail Stop BL08-05 / Billerica  MA  01821-3548     Fax:  +1 508 916 4789
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
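An added illustration of the point made in the message above (example code written for this archive page, not from the original post and not Ascend's or Microsoft's software): a toy model of the two verifiers described. SHA-256 stands in for the DES/MD4 password hash and HMAC-SHA256 for the DES encryption of the challenge, so it runs with the standard library only; it shows that a verifier storing only the derived key value cannot tell a peer that started from the password from one holding a copy of the stored key, and that CHAP's stored secret has the same property.

```python
import hashlib
import hmac
import os

# Stand-in primitives, NOT the real MS-CHAP algorithms: the message describes
# a DES/MD4 hash of the password and a DES encryption of the challenge. Here
# SHA-256 plays the password-hash role and HMAC-SHA256 the keyed-challenge
# role so that the structure of the exchange can be run offline.

def password_to_key(password: str) -> bytes:
    """The stored 'key value': derived once from the typed password."""
    return hashlib.sha256(password.encode()).digest()

def mschap_response(key: bytes, challenge: bytes) -> bytes:
    """Peer's answer: a keyed function of the challenge using the key value."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def chap_response(ident: int, secret: str, challenge: bytes) -> bytes:
    """Standard CHAP (RFC 1994): MD5 over ID || secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()

class Server:
    """Verifier holding the key value (MS-CHAP) or the secret itself (CHAP)."""
    def __init__(self, password: str):
        self.stored_key = password_to_key(password)
        self.stored_secret = password

    def verify_mschap(self, challenge: bytes, response: bytes) -> bool:
        expected = mschap_response(self.stored_key, challenge)
        return hmac.compare_digest(expected, response)

    def verify_chap(self, ident: int, challenge: bytes, response: bytes) -> bool:
        expected = chap_response(ident, self.stored_secret, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    server = Server("correct horse")      # constructed sample password
    chal = os.urandom(16)
    # Legitimate peer: types the password, derives the key, answers.
    from_password = server.verify_mschap(
        chal, mschap_response(password_to_key("correct horse"), chal))
    # Peer that has only a copy of the stored key value skips the derivation;
    # the server sees an identical, valid response.
    from_stored_key = server.verify_mschap(
        chal, mschap_response(server.stored_key, chal))
    # A wrong password still fails, so the check itself is doing its job.
    wrong = server.verify_mschap(chal, mschap_response(password_to_key("x"), chal))
    # CHAP: whoever holds the stored clear-text secret can answer just the same.
    chap_ok = server.verify_chap(1, chal, chap_response(1, server.stored_secret, chal))
    return from_password, from_stored_key, wrong, chap_ok
```

The server-side takeaway is the one the message draws: the key-value store must be protected exactly as a clear-text password file would be.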