Hi all, first of all sorry for my horrible english. My Question is as follows: With MS-CHAPv2 the client sends a peer-challenge, a nt-response and username to the server. Then the server calculates a challenge with help from the peer-challenge and the username of the client. I hope my understanding is correct so far. But what is the next step? Does FreeRADIUS decrypt the "client-nt-response" (encrypted challenge) and compares the result with its own calculated challenge? Or does it calculate its own "server-nt-response" and compares this to the received "client-nt-response"? I have found both possibilities in some documentations. I can not read source-code of programs (rlm_mschap) and RFCs are something for Developers only i think. Can someone help me please? Thank you very much. Greta
On Jul 29, 2018, at 4:11 AM, Grit Wehner <grit.wehner@gmx.net> wrote:
Does FreeRADIUS decrypt the "client-nt-response" (encrypted challenge) and compares the result with its own calculated challenge?
No. The hashes are one-way. They can be can be calculated, they can't (generally) be "decrypted" to get the original data,
Or does it calculate its own "server-nt-response" and compares this to the received "client-na-response"?
Yes. Alan DeKok.
participants (2)
-
Alan DeKok -
Grit Wehner