Hi,
please correct me, if I'm wrong.
You are wrong.
When using mschapv2, user sends his password in cleartext and FreeRadius compares it to one stored in, e.g., "users":
The user's password gets hashed on his client device into NT-Hash form (MD4), which is, as you've been explained numerous times before, incompatible with any other hashing form. It never gets sent in clear text. Due to that, none of what you write below applies. Greetings, Stefan Winter
1) if Cleartext-Password used, then just compare strings 2) if NT-Password used, then create NTLM hash from supplied password and compare hashes 3) otherwise reject request (no other allowed methods)
the issue with this is the following - there are many systems with tens of users which use "users" since there is no sense to supply LDAP/etc additionally to FreeRadius (not a big scale). But if, using any way, "users" file will leak outside, then we can assume open access to system - cleartext is cleartext, while services like https://hashkiller.co.uk/ntlm-decrypter.aspx with databases of previously stolen hashes (thank to always vulnerable Windows) can be used to search for the specific hash and, thus, to get corresponding password.
Why not to add 3rd, 4th and next *internal* checks against records in "users" if we know which kind of hash used there? I mean
3) if SHA2_256-Password used, then create SHA256 hash and compare hashes 4) if SHA2_512-Password used, then create SHA512 hash and compare hashes ... n) reject request as there are no other methods
while all these "SHA2_xxx" methods can be aliases to SHA2 when used with EAP-GTC or other methods. So, (a) this is internal deal of Freeradius which don't break any standards and (b) will prevent password reverse engineering in case of configuration leakage.
Thank you.
On 2/28/18 12:55 PM, Arran Cudbard-Bell wrote:
On Feb 28, 2018, at 4:34 PM, Volodymyr Litovka <doka.ua@gmx.com> wrote:
Hi colleagues,
I'm pretty new in FreeRadius and looks missing something that will allow me to authenticate MSCHAP users agains stored SHA256 hashes.
See magic bingo card: http://deployingradius.com/documents/protocols/compatibility.html
Same applies to SHA256 as it does SHA1.
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66