EAP-pwd and NT-Password

Brian Candler b.candler at pobox.com
Fri Oct 7 16:30:35 CEST 2016

On 06/10/2016 20:09, Brian Candler wrote:
> However, when testing with my phone (Android 5.1): it is able to 
> EAP-pwd authenticate with a cleartext password:
> steve   Cleartext-Password := "testing"
> but not when using the MS hash:
> steve  NT-Password := 0x7c53cfa5ea7d0f9b3b968aa0fb51a3f5 

I've been testing this with Linux, and there's lots of brokenness out there.

* wpa_supplicant 2.4 does EAP-pwd, but only with PREP_NONE

* wpa_supplicant 2.5 does EAP-pwd with PREP_MS (according to the source 
code). And there is 2.6 too.

* Ubuntu 16.04 comes with wpa_supplicant 2.4

* Debian Stretch (alpha 7) includes package wpasupplicant 
"2.5-2+v2.4-3", which is also 2.4 (confirmed with -v)

Its network GUI does however offer PWD, it does generate EAP exchanges 
to my test RADIUS server, and it connects if I have the 
Cleartext-Password in the RADIUS server.

* Fedora 24 has wpa_supplicant 2.5, and runs from a live CD. However its 
network config GUI is broken. You can select PWD when you first connect 
to a network, but nothing happens (I see no radius request from the AP); 
and when you edit the network security settings, PWD is not included in 
the list of options at all.

* Fedora 25 (alpha 2) also has wpa_supplicant 2.5, and its GUI appears 
to be identically broken

Still on Fedora 25 alpha, I tried configuring wpa_supplicant manually:




/usr/sbin/wpa_supplicant -c wpa_supplicant.conf -i wlp3s0 -Dnl80211
Line 10: unknown EAP method 'PWD'
You may need to add support for this EAP method during wpa_supplicant
build time configuration

Ah - so they didn't even compile the EAP-pwd functionality. (Same answer 
with either "pwd" or "PWD")

So then I built wpa_supplicant 2.6 from source, back on Ubuntu 16.04 
now, and ran it with the config above. It still works with 
Cleartext-Password, but with NT-Password I get at the supplicant side:

EAP-PWD (peer): confirm did not verify
wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed

and hence the supplicant abandons the exchange. So it looks like I'm 
doing something wrong here.

Hmm: back to RFC 5931 - it refers to "PasswordHashHash" from RFC 2759. And:

8.3.  NtPasswordHash()

    IN  0-to-256-unicode-char Password,
    OUT 16-octet              PasswordHash )
        * Use the MD4 algorithm [5] to irreversibly hash Password
        * into PasswordHash.  Only the password is hashed without
        * including any terminating 0.

8.4.  HashNtPasswordHash()

    IN  16-octet PasswordHash,
    OUT 16-octet PasswordHashHash )
        * Use the MD4 algorithm [5] to irreversibly hash
        * PasswordHash into PasswordHashHash.

Ah - so maybe Control:NT-Password is "NtPasswordHash" which means it 
needs running through another iteration of MD4. I'll try that.


