authenticate against SHA2 hash in EAP-MSCHAPv2

Stefan Winter stefan.winter at restena.lu
Thu Mar 1 09:50:33 CET 2018


Hi,

> please correct me if I'm wrong.

You are wrong.

> When using mschapv2, the user sends his password in cleartext and FreeRadius
> compares it to the one stored in, e.g., "users":

The user's password gets hashed on his client device into NT-Hash form
(MD4), which is, as has been explained to you numerous times before,
incompatible with any other hashing form. It never gets sent in clear text.

Due to that, none of what you write below applies.

Greetings,

Stefan Winter

> 
> 1) if Cleartext-Password used, then just compare strings
> 2) if NT-Password used, then create NTLM hash from supplied password and
> compare hashes
> 3) otherwise reject request (no other allowed methods)
> 
> the issue with this is the following - there are many systems with tens
> of users which use "users" since there is no sense in supplying LDAP/etc.
> in addition to FreeRadius (not a big scale). But if, in any way, the
> "users" file leaks outside, then we can assume open access to the system
> - cleartext is cleartext, while services like
> https://hashkiller.co.uk/ntlm-decrypter.aspx with databases of
> previously stolen hashes (thanks to always vulnerable Windows) can be
> used to search for the specific hash and, thus, to get the corresponding
> password.
> 
> Why not add 3rd, 4th and further *internal* checks against records in
> "users" if we know which kind of hash is used there? I mean
> 
> 3) if SHA2_256-Password used, then create SHA256 hash and compare hashes
> 4) if SHA2_512-Password used, then create SHA512 hash and compare hashes
> ...
> n) reject request as there are no other methods
> 
> while all these "SHA2_xxx" methods can be aliases to SHA2 when used with
> EAP-GTC or other methods. So, (a) this is an internal matter of Freeradius
> which doesn't break any standards and (b) will prevent password reverse
> engineering in case of configuration leakage.
> 
> Thank you.
> 
> On 2/28/18 12:55 PM, Arran Cudbard-Bell wrote:
>>
>>> On Feb 28, 2018, at 4:34 PM, Volodymyr Litovka <doka.ua at gmx.com> wrote:
>>>
>>> Hi colleagues,
>>>
>>> I'm pretty new to FreeRadius and seem to be missing something that will
>>> allow me to authenticate MSCHAP users against stored SHA256 hashes.
>>>
>> See magic bingo card:
>> http://deployingradius.com/documents/protocols/compatibility.html
>>
>> Same applies to SHA256 as it does SHA1.
>>
>> -Arran
>>
>>
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
>> FreeRADIUS Development Team
>>
>> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
>>
>>
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
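As an added illustration of Stefan's point (example code, not from this thread and not FreeRADIUS's own rlm_mschap logic): the value an MS-CHAPv2 client works from is the NT-Hash, MD4 over the UTF-16LE password, so a server can derive it from a Cleartext-Password or read it from an NT-Password entry, while a SHA2 digest of the password gives no path back to it. The `users`-entry handling and the sample entries are constructed for the demonstration; MD4 is spelled out because hashlib's md4 is disabled on many builds.

```python
import struct
from typing import Optional

_M = 0xFFFFFFFF
_K2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)   # round-2 word order
_K3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)   # round-3 word order

def _rol(x: int, n: int) -> int:
    x &= _M
    return ((x << n) | (x >> (32 - n))) & _M

def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, written out here because hashlib's md4 is disabled on many builds."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:                                  # round 1: F(b,c,d), words in order
                f, k, add, s = (b & c) | (~b & d), i, 0, (3, 7, 11, 19)[i % 4]
            elif i < 32:                                # round 2: G(b,c,d) + sqrt(2) constant
                f, k, add, s = (b & c) | (b & d) | (c & d), _K2[i - 16], 0x5A827999, (3, 5, 9, 13)[i % 4]
            else:                                       # round 3: H(b,c,d) + sqrt(3) constant
                f, k, add, s = b ^ c ^ d, _K3[i - 32], 0x6ED9EBA1, (3, 9, 11, 15)[i % 4]
            a, b, c, d = d, _rol(a + f + x[k] + add, s), b, c   # each step rotates the registers
        h = [(v + w) & _M for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """NT-Hash: MD4 over the UTF-16LE password. An MS-CHAPv2 client derives its
    challenge response from this value alone; the cleartext never leaves the device."""
    return md4(password.encode("utf-16-le"))

def nt_hash_from_entry(entry: dict) -> Optional[bytes]:
    """Constructed sketch (not rlm_mschap) of what a server can recover from a
    'users' entry: the NT-Hash it needs, or None when the stored form cannot yield it."""
    if "Cleartext-Password" in entry:
        return nt_hash(entry["Cleartext-Password"])          # derivable: hash it the way the client does
    if "NT-Password" in entry:
        return bytes.fromhex(entry["NT-Password"].removeprefix("0x"))   # already the right digest
    return None   # SHA2-Password & co. are one-way digests of the cleartext, not of its MD4 form

if __name__ == "__main__":
    print("NT-Hash of 'password':", nt_hash("password").hex())
    print("from SHA2-Password entry:", nt_hash_from_entry({"SHA2-Password": "<digest>"}))
```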