Question for the Freeradius programmers/admins: How does the authentication for the Salted SHA-512 get handled? Yes, I know you can pull the hashed/salted password from a sql database or locally, but how does the FreeRadius server compare the users input password which would only be the first 64 bytesand the rest being the salt, when the user has only entered in their username and password at the prompts (I.E. mobile devices or laptops). Doesnt the server need to have the users password and salt to be able to compare the pulled password with the entered in password? Ive been trying to do the format that was discussed earlier by changing our code to be hash/salt appended not prepended, and by using Arrans suggestions of: update control { SSHA2-512-Password := "0x%{sql:query to get hash in hex concatenated with salt in hex}" or update control { Tmp-String-0 := "%{sql:SELECT hash FROM <table> WHERE <clause>}" Tmp-String-1 := "%{sql:SELECT salt FROM <table> WHERE <clause>}" } update control { SSHA2-512-Password := "0x%{control:Tmp-String-0}%{control:Tmp-String-1}" If I use radtest everything works just fine locally, but once PEAP is integrated into the mix, it fails (i.e. laptop,cell phone). Am I reading the protocol compability matrix incorrectly then? Robert Graham Network Engineer U-Haul International 2727 N. Central Ave Phoenix, AZ 85004
On 23 Feb 2015, at 15:48, Robert Graham <robert_graham@uhaul.com> wrote:
Question for the Freeradius programmers/admins:
How does the authentication for the Salted SHA-512 get handled?
Yes, I know you can pull the hashed/salted password from a sql database or locally, but how does the FreeRadius server compare the users input password which would only be the first 64 bytesand the rest being the salt, when the user has only entered in their username and password at the prompts (I.E. mobile devices or laptops). Doesnt the server need to have the users password and salt to be able to compare the pulled password with the entered in password?
It needs the user's plaintext password yes. For EAP you'd need to use EAP-TTLS-PAP or some other method that'd give you the plaintext password. EAP-PEAP wraps MSCHAPv2 in TLS, and MSCHAPv2 doesn't give you the plaintext password.
If I use radtest everything works just fine locally,
Great
but once PEAP is integrated into the mix, it fails (i.e. laptop,cell phone). Am I reading the protocol compability matrix incorrectly then?
Yep. EAP-PEAP will only work if in the database, the user's password is MD4 hashed or it's in plaintext. There's a great article here which shows why knowing the MD4 password works: https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ ...and also shows why MSCHAPv2 isn't a great idea unless you can guarantee the TLS tunnel it established with a trusted party. If you could give us an idea of the client systems that'll be authenticating we might be able to offer suggestions on what EAP flavour/supplicant might work. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
On Feb 23, 2015, at 3:48 PM, Robert Graham <robert_graham@uhaul.com> wrote:
How does the authentication for the Salted SHA-512 get handled?
Correctly?
Yes, I know you can pull the hashed/salted password from a sql database or locally, but how does the FreeRadius server compare the users input password which would only be the first 64 bytesand the rest being the salt, when the user has only entered in their username and password at the prompts (I.E. mobile devices or laptops). Doesnt the server need to have the users password and salt to be able to compare the pulled password with the entered in password?
Please use standard terminology. That makes it easier to understand. The SSHA-Password is then password taken from (e.g.) a database. It’s called “SSHA” password because it contains a salt, and a SHA hash of the salt and the password. The User-Password is what the user entered when they tried to log in. You can compare the two by doing a SHA hash of the salt and User-Password. If the result is the same as the SSHA-Password, then the User-Password is correct. Otherwise, it’s not.
If I use radtest everything works just fine locally, but once PEAP is integrated into the mix, it fails (i.e. laptop,cell phone). Am I reading the protocol compability matrix incorrectly then?
I have no idea. You’re not saying what part of the matrix you’re reading, or what conclusions you draw from it. In short, PEAP is incompatible with salted passwords. SMD5, SSHA, SSHA512, etc. None of them will work with PEAP. Alan DeKok.
participants (3)
-
Alan DeKok -
Arran Cudbard-Bell -
Robert Graham