Support for other hash (like MD5, SHA1) using MSCHAPv2

Brian Candler B.Candler at
Thu Feb 3 14:39:44 CET 2011

On Wed, Feb 02, 2011 at 01:46:11PM -0300, Brivaldo Junior wrote:
> I really try to understand why it's impossible, because another
> softwares
> like dovecot and postfix do this.

I think you're looking at things like POP3 USER/PASS and SMTP AUTH PLAIN
authentication, where in both cases the user sends the cleartext password to
the server.

Using the cleartext password you can do lots of things (such as compare it
to a hash of the password, or use it to login to another service).  Of
course, it also means the actual password is being sent across the wire and
is therefore vulnerable.  This is how PAP works.

CHAP and MS-CHAP don't work that way. The server sends a random string,
known as the "CHAP challenge", and the client sends back a hash of
(challenge + password).  This hashed value is only of use to you if you
already know the cleartext password, because you can calculate the hash of
(same challenge + expected password) and see if you get the same value, and
so decide if the user knows the correct password.

But you can't use the CHAP response to login to anything else. You can't
even use it to login to another machine which uses CHAP, because it will
send you a different CHAP challenge, and you can't calculate the CHAP
response without knowing the cleartext password.

The nearest thing to this in the POP world is APOP (RFC 1939). You can't use
an APOP response to make an LDAP bind; you would have to read the cleartext
password out of LDAP to validate the response.



More information about the Freeradius-Devel mailing list