EAP-pwd and NT-Password
b.candler at pobox.com
Fri Oct 7 16:30:35 CEST 2016
On 06/10/2016 20:09, Brian Candler wrote:
> However, when testing with my phone (Android 5.1): it is able to
> EAP-pwd authenticate with a cleartext password:
> steve Cleartext-Password := "testing"
> but not when using the MS hash:
> steve NT-Password := 0x7c53cfa5ea7d0f9b3b968aa0fb51a3f5
I've been testing this with Linux, and there's lots of brokenness out there.
* wpa_supplicant 2.4 does EAP-pwd, but only with PREP_NONE
* wpa_supplicant 2.5 does EAP-pwd with PREP_MS (according to the source
code). And there is 2.6 too.
* Ubuntu 16.04 comes with wpa_supplicant 2.4
* Debian Stretch (alpha 7) includes package wpasupplicant
"2.5-2+v2.4-3", which is also 2.4 (confirmed with -v)
Its network GUI does however offer PWD, it does generate EAP exchanges
to my test RADIUS server, and it connects if I have the
Cleartext-Password in the RADIUS server.
* Fedora 24 has wpa_supplicant 2.5, and runs from a live CD. However its
network config GUI is broken. You can select PWD when you first connect
to a network, but nothing happens (I see no radius request from the AP);
and when you edit the network security settings, PWD is not included in
the list of options at all.
* Fedora 25 (alpha 2) also has wpa_supplicant 2.5, and its GUI appears
to be identically broken
Still on Fedora 25 alpha, I tried configuring wpa_supplicant manually:
/usr/sbin/wpa_supplicant -c wpa_supplicant.conf -i wlp3s0 -Dnl80211
Line 10: unknown EAP method 'PWD'
You may need to add support for this EAP method during wpa_supplicant
build time configuration
Ah - so they didn't even compile the EAP-pwd functionality. (Same answer
with either "pwd" or "PWD")
So then I built wpa_supplicant 2.6 from source, back on Ubuntu 16.04
now, and ran it with the config above. It still works with
Cleartext-Password, but with NT-Password I get at the supplicant side:
EAP-PWD (peer): confirm did not verify
wlp3s0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
and hence the supplicant abandons the exchange. So it looks like I'm
doing something wrong here.
Hmm: back to RFC 5931 - it refers to "PasswordHashHash" from RFC 2759. And:
IN 0-to-256-unicode-char Password,
OUT 16-octet PasswordHash )
* Use the MD4 algorithm  to irreversibly hash Password
* into PasswordHash. Only the password is hashed without
* including any terminating 0.
IN 16-octet PasswordHash,
OUT 16-octet PasswordHashHash )
* Use the MD4 algorithm  to irreversibly hash
* PasswordHash into PasswordHashHash.
Ah - so maybe Control:NT-Password is "NtPasswordHash" which means it
needs running through another iteration of MD4. I'll try that.