On 06/10/2016 20:09, Brian Candler wrote:
However, when testing with my phone (Android 5.1): it is able to EAP-pwd authenticate with a cleartext password:
steve Cleartext-Password := "testing"
but not when using the MS hash:
steve NT-Password := 0x7c53cfa5ea7d0f9b3b968aa0fb51a3f5
I've been testing this with Linux, and there's lots of brokenness out there. * wpa_supplicant 2.4 does EAP-pwd, but only with PREP_NONE * wpa_supplicant 2.5 does EAP-pwd with PREP_MS (according to the source code). And there is 2.6 too. * Ubuntu 16.04 comes with wpa_supplicant 2.4 * Debian Stretch (alpha 7) includes package wpasupplicant "2.5-2+v2.4-3", which is also 2.4 (confirmed with -v) Its network GUI does however offer PWD, it does generate EAP exchanges to my test RADIUS server, and it connects if I have the Cleartext-Password in the RADIUS server. * Fedora 24 has wpa_supplicant 2.5, and runs from a live CD. However its network config GUI is broken. You can select PWD when you first connect to a network, but nothing happens (I see no radius request from the AP); and when you edit the network security settings, PWD is not included in the list of options at all. * Fedora 25 (alpha 2) also has wpa_supplicant 2.5, and its GUI appears to be identically broken Still on Fedora 25 alpha, I tried configuring wpa_supplicant manually: ---- ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel network={ ssid="RADAUTH" key_mgmt=WPA-EAP proto=WPA2 pairwise=CCMP group=CCMP eap=PWD identity="steve" password="testing" } ---- Result: /usr/sbin/wpa_supplicant -c wpa_supplicant.conf -i wlp3s0 -Dnl80211 ... Line 10: unknown EAP method 'PWD' You may need to add support for this EAP method during wpa_supplicant build time configuration Ah - so they didn't even compile the EAP-pwd functionality. (Same answer with either "pwd" or "PWD") So then I built wpa_supplicant 2.6 from source, back on Ubuntu 16.04 now, and run with the config above. It still works with Cleartext-Password, but with NT-Password I get at the supplicant side: EAP-PWD (peer): confirm did not verify wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed and hence the supplicant abandons the exchange. So it looks like I'm doing something wrong here. Hmm: back to RFC 5931 - it refers to "PasswordHashHash" from RFC 2759. And: 8.3. NtPasswordHash() NtPasswordHash( IN 0-to-256-unicode-char Password, OUT 16-octet PasswordHash ) { /* * Use the MD4 algorithm [5] to irreversibly hash Password * into PasswordHash. Only the password is hashed without * including any terminating 0. */ } 8.4. HashNtPasswordHash() HashNtPasswordHash( IN 16-octet PasswordHash, OUT 16-octet PasswordHashHash ) { /* * Use the MD4 algorithm [5] to irreversibly hash * PasswordHash into PasswordHashHash. */ } Ah - so maybe Control:NT-Password is "NtPasswordHash" which means it needs running through another iteration of MD4. I'll try that. Regards, Brian.