Salted SHA security

Arran Cudbard-Bell a.cudbardb at
Mon Feb 23 22:29:57 CET 2015

> On 23 Feb 2015, at 15:48, Robert Graham <robert_graham at> wrote:
> Question for the Freeradius programmers/admins:
> How does the authentication for the Salted SHA-512 get handled?
> Yes, I know you can pull the hashed/salted password from a sql database or
> locally, but how does the FreeRadius server compare the users input
> password which would only be the first 64 bytesand the rest being the
> salt, when the user has only entered in their username and password at the
> prompts (I.E. mobile devices or laptops). Doesnt the server need to have
> the users password and salt to be able to compare the pulled password with
> the entered in password?

It needs the user's plaintext password yes. For EAP you'd need to use
EAP-TTLS-PAP or some other method that'd give you the plaintext password.

EAP-PEAP wraps MSCHAPv2 in TLS, and MSCHAPv2 doesn't give you the plaintext

> If I use radtest everything works just fine locally,


> but once PEAP is
> integrated into the mix, it fails (i.e. laptop,cell phone). Am I reading
> the protocol compability matrix incorrectly then?


EAP-PEAP will only work if in the database, the user's password is MD4 hashed
or it's in plaintext.

There's a great article here which shows why knowing the MD4 password works:

...and also shows why MSCHAPv2 isn't a great idea unless you can guarantee
the TLS tunnel it established with a trusted party.

If you could give us an idea of the client systems that'll be authenticating
we might be able to offer suggestions on what EAP flavour/supplicant might


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list