EAP-pwd and NT-Password

Brian Candler b.candler at pobox.com
Fri Oct 7 16:30:35 CEST 2016 

On 06/10/2016 20:09, Brian Candler wrote:
> However, when testing with my phone (Android 5.1): it is able to 
> EAP-pwd authenticate with a cleartext password:
>
> steve   Cleartext-Password := "testing"
>
> but not when using the MS hash:
>
> steve  NT-Password := 0x7c53cfa5ea7d0f9b3b968aa0fb51a3f5 

I've been testing this with Linux, and there's lots of brokenness out there.

* wpa_supplicant 2.4 does EAP-pwd, but only with PREP_NONE

* wpa_supplicant 2.5 does EAP-pwd with PREP_MS (according to the source 
code). And there is 2.6 too.

* Ubuntu 16.04 comes with wpa_supplicant 2.4

* Debian Stretch (alpha 7) includes package wpasupplicant 
"2.5-2+v2.4-3", which is also 2.4 (confirmed with -v)

Its network GUI does however offer PWD, it does generate EAP exchanges 
to my test RADIUS server, and it connects if I have the 
Cleartext-Password in the RADIUS server.

* Fedora 24 has wpa_supplicant 2.5, and runs from a live CD. However its 
network config GUI is broken. You can select PWD when you first connect 
to a network, but nothing happens (I see no radius request from the AP); 
and when you edit the network security settings, PWD is not included in 
the list of options at all.

* Fedora 25 (alpha 2) also has wpa_supplicant 2.5, and its GUI appears 
to be identically broken

Still on Fedora 25 alpha, I tried configuring wpa_supplicant manually:

----
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

network={
     ssid="RADAUTH"
     key_mgmt=WPA-EAP
     proto=WPA2
     pairwise=CCMP
     group=CCMP
     eap=PWD
     identity="steve"
     password="testing"
}
----

Result:

/usr/sbin/wpa_supplicant -c wpa_supplicant.conf -i wlp3s0 -Dnl80211
...
Line 10: unknown EAP method 'PWD'
You may need to add support for this EAP method during wpa_supplicant
build time configuration

Ah - so they didn't even compile the EAP-pwd functionality. (Same answer 
with either "pwd" or "PWD")

So then I built wpa_supplicant 2.6 from source, back on Ubuntu 16.04 
now, and run with the config above. It still works with 
Cleartext-Password, but with NT-Password I get at the supplicant side:

EAP-PWD (peer): confirm did not verify
wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

and hence the supplicant abandons the exchange. So it looks like I'm 
doing something wrong here.

Hmm: back to RFC 5931 - it refers to "PasswordHashHash" from RFC 2759. And:

8.3.  NtPasswordHash()

    NtPasswordHash(
    IN  0-to-256-unicode-char Password,
    OUT 16-octet              PasswordHash )
    {
       /*
        * Use the MD4 algorithm [5] to irreversibly hash Password
        * into PasswordHash.  Only the password is hashed without
        * including any terminating 0.
        */
    }

8.4.  HashNtPasswordHash()

    HashNtPasswordHash(
    IN  16-octet PasswordHash,
    OUT 16-octet PasswordHashHash )
    {
       /*
        * Use the MD4 algorithm [5] to irreversibly hash
        * PasswordHash into PasswordHashHash.
        */
    }

Ah - so maybe Control:NT-Password is "NtPasswordHash" which means it 
needs running through another iteration of MD4. I'll try that.

Regards,

Brian.

More information about the Freeradius-Users mailing list