Salted SHA security
a.cudbardb at freeradius.org
Mon Feb 23 22:29:57 CET 2015
> On 23 Feb 2015, at 15:48, Robert Graham <robert_graham at uhaul.com> wrote:
> Question for the Freeradius programmers/admins:
> How does the authentication for the Salted SHA-512 get handled?
> Yes, I know you can pull the hashed/salted password from a sql database or
> locally, but how does the FreeRadius server compare the users input
> password which would only be the first 64 bytes and the rest being the
> salt, when the user has only entered in their username and password at the
> prompts (i.e. mobile devices or laptops). Doesn't the server need to have
> the user's password and salt to be able to compare the pulled password with
> the entered-in password?
It needs the user's plaintext password, yes. For EAP you'd need to use
EAP-TTLS-PAP or some other method that'd give you the plaintext password.
EAP-PEAP wraps MSCHAPv2 in TLS, and MSCHAPv2 doesn't give you the plaintext
> If I use radtest everything works just fine locally,
> but once PEAP is
> integrated into the mix, it fails (i.e. laptop, cell phone). Am I reading
> the protocol compatibility matrix incorrectly then?
EAP-PEAP will only work if, in the database, the user's password is MD4-hashed
or it's in plaintext.
There's a great article here which shows why knowing the MD4 password works:
...and also shows why MSCHAPv2 isn't a great idea unless you can guarantee
the TLS tunnel it established with a trusted party.
If you could give us an idea of the client systems that'll be authenticating
we might be able to offer suggestions on what EAP flavour/supplicant might
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
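To make the thread's point concrete, here is an added example (not FreeRADIUS code, and not from the posters): a PAP-style verifier for the salted SHA-512 layout the question describes, a 64-byte digest followed by the salt. It assumes, for illustration, a "{SSHA512}" prefix and base64 encoding of digest+salt; the server can only run this check because PAP (e.g. inside EAP-TTLS) hands it the plaintext, whereas an MSCHAPv2 exchange inside PEAP never does.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Storage layout assumed for this example (constructed, not a FreeRADIUS
# constant): "{SSHA512}" + base64( sha512(password + salt) || salt ).
PREFIX = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes, salt follows it


def make_ssha512(password: str, salt: Optional[bytes] = None) -> str:
    """Build a stored value; each user gets a fresh random salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha512(stored: str, password: str) -> bool:
    """PAP-style check: the server has the plaintext, so it can recompute.

    The salt is not a secret the client must supply; it is recovered from
    the stored value itself (everything after the first 64 bytes).
    """
    if not stored.startswith(PREFIX):
        raise ValueError("not an SSHA512 value")
    raw = base64.b64decode(stored[len(PREFIX):])
    if len(raw) <= DIGEST_LEN:
        return False  # malformed: no salt present
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = make_ssha512("correct horse battery staple")
    print(stored)
    print(verify_ssha512(stored, "correct horse battery staple"))
    print(verify_ssha512(stored, "wrong"))
```

With MSCHAPv2 the server instead receives a challenge response derived from the NT hash (MD4 of the password), so nothing in this function can be evaluated; that is why the thread says PEAP needs either plaintext or an MD4 hash in the database.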