3 Feb
2011
3 Feb
'11
12:10 p.m.
string, known as the "CHAP challenge", and the client sends back a hash of (challenge + password). This hashed value is only of use to you if you
after I read a little of MSCHAP RFC, I understand this.
already know the cleartext password, because you can calculate the hash of (same challenge + expected password) and see if you get the same value, and so decide if the user knows the correct password. But you can't use the CHAP response to login to anything else. You can't even use
Thanks for support, I spend some hours, but I really learn more, and this is a good thing. Regards, Brivaldo Jr