Computing MS-MPPE-Recv-Key and MS-MPPE-Send-Key in MS-CHAPv2 auth
Alan DeKok
aland at deployingradius.com
Mon Jan 6 14:04:27 UTC 2025
On Jan 5, 2025, at 2:37 PM, Hadi Rezaee <rezaee.hadi at gmail.com> wrote:
>
> I'm trying to figure out how MS-MPPE-Send-Key and MS-MPPE-Recv-Key are
> getting generated by freeradius-server.
The short answer is "read the RFCs and the code".
> Here is the sample captured
> traffic I have for an MS-CHAPv2 (Access-Accept) auth between a radius client
> and server:
> MS-MPPE-Recv-Key:
> a660ce53f31ef08ed6cf209ece137a1dee40aeae5d8e5b9de0f1592324bc92569fc1
> MS-MPPE-Send-Key:
> a81579eb58f0bd25636599778c8689516129db8b25ec2d1e4c15797862efedabb3c
Those are just random values. They don't mean anything.
> Correct me if I'm wrong but here I read "mppe_sendkey" and "mppe_recvkey"
> variables are initialized with 34 bytes (as I expected!), but later by
> calling mppe_chap2_gen_keys128 only 16 bytes are copied. I was expecting
> other items (such as 'Salt') to be taken into account too...
To be honest, I haven't looked at that code in a long time. If it's generating 34-byte keys, then it works. Which means that your reading of the code is wrong.
If you want to know what the code is doing, use a debugger like gdb to step through it.
Alan DeKok.
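
Added example, not part of the original message and not FreeRADIUS code: the salted encryption that RFC 2548 section 2.4.2 defines for the MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes, showing how a 16-byte key becomes a 34-byte attribute value (2-byte Salt plus 32 bytes of ciphertext). The function names are hypothetical, and the shared secret, Request Authenticator and key are constructed sample values.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; the plaintext is padded to a multiple of this

def mppe_encrypt(key, secret, request_auth, salt=None):
    """Return Salt (2 octets) + ciphertext for an MS-MPPE-*-Key attribute."""
    salt = os.urandom(2) if salt is None else salt
    if len(salt) != 2 or len(request_auth) != 16 or len(key) > 255:
        raise ValueError("bad salt, Request Authenticator or key length")
    salt = bytes([salt[0] | 0x80, salt[1]])   # top bit of the Salt must be set
    plain = bytes([len(key)]) + key           # Key-Length octet, then the key
    plain += b"\x00" * (-len(plain) % BLOCK)  # zero padding
    out, prev = b"", request_auth + salt      # first block is keyed on R + A
    for i in range(0, len(plain), BLOCK):
        stream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ s for p, s in zip(plain[i:i + BLOCK], stream))
        out += prev                           # later blocks chain on ciphertext
    return salt + out

def mppe_decrypt(value, secret, request_auth):
    """Recover the key from an attribute value produced by mppe_encrypt."""
    if len(value) < 2 + BLOCK or (len(value) - 2) % BLOCK:
        raise ValueError("attribute value has an invalid length")
    salt, cipher = value[:2], value[2:]
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), BLOCK):
        stream = hashlib.md5(secret + prev).digest()
        prev = cipher[i:i + BLOCK]
        plain += bytes(c ^ s for c, s in zip(prev, stream))
    key_len = plain[0]
    if key_len > len(plain) - 1:
        raise ValueError("Key-Length exceeds data: wrong secret or authenticator")
    return plain[1:1 + key_len]

# Constructed sample values, not taken from the capture in this thread.
SECRET = b"testing123"
REQUEST_AUTH = bytes(range(16))
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # 16-byte session key

if __name__ == "__main__":
    value = mppe_encrypt(KEY, SECRET, REQUEST_AUTH)
    print(len(value), value.hex())            # 34 octets: 2 salt + 32 ciphertext
    print(mppe_decrypt(value, SECRET, REQUEST_AUTH).hex())
```

Because the Salt is random per attribute and the keystream depends on the Request Authenticator and shared secret, the bytes seen in a capture differ on every exchange even when the underlying 16-byte key is the same.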