Jump to content

MS-CHAP: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
m Cryptanalysis: link DES
Line 15: Line 15:
Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.<ref>{{Cite web |url=http://www.schneier.com/paper-pptpv2.pdf |title=Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) |first1=Bruce |last1=Schneier |authorlink1=Bruce Schneier |author2=Mudge |first3=David |last3=Wagner |website=schneier.com |date=19 October 1999 |format=[[PDF]]}}</ref><ref>{{Cite web |url=http://penguin-breeder.org/pptp/download/pptp_mschapv2.pdf |title=Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2) |first=Jochen |last=Eisinger |date=23 July 2001 |website=penguin-breeder.org}}</ref>
Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.<ref>{{Cite web |url=http://www.schneier.com/paper-pptpv2.pdf |title=Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) |first1=Bruce |last1=Schneier |authorlink1=Bruce Schneier |author2=Mudge |first3=David |last3=Wagner |website=schneier.com |date=19 October 1999 |format=[[PDF]]}}</ref><ref>{{Cite web |url=http://penguin-breeder.org/pptp/download/pptp_mschapv2.pdf |title=Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2) |first=Jochen |last=Eisinger |date=23 July 2001 |website=penguin-breeder.org}}</ref>


MS-CHAP and MS-CHAPv2 uses the same weak 56-bit DES encryption as NTLMv1 to encrypt the NTLM password hash. 56-bit encryption had been well known as weak for years, but CloudCracker provided a service targeted at cracking this weak DES encryption.<ref>{{Cite web|url=https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |title=Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate |first=Moxie |last=Marlinspike |authorlink=Moxie Marlinspike |first2=David |last2=Hulton |work=Cloud Cracker |date=29 July 2012 |archiveurl=https://web.archive.org/web/20160316174007/https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |archivedate=16 March 2016 |deadurl=yes |df= }}</ref>. The service is now available at crack.sh.<ref>[http://crack.sh The World's fastest DES cracker]</ref><ref>''Think Complex Passwords Will Save You?,'' David Hulton, Ian Foster, BSidesLV 2017</ref>
MS-CHAP and MS-CHAPv2 uses the same weak 56-bit [[Data Encryption Standard|DES]] encryption as NTLMv1 to encrypt the NTLM password hash. 56-bit encryption had been well known as weak for years, but CloudCracker provided a service targeted at cracking this weak DES encryption.<ref>{{Cite web|url=https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |title=Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate |first=Moxie |last=Marlinspike |authorlink=Moxie Marlinspike |first2=David |last2=Hulton |work=Cloud Cracker |date=29 July 2012 |archiveurl=https://web.archive.org/web/20160316174007/https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ |archivedate=16 March 2016 |deadurl=yes |df= }}</ref>. The service is now available at crack.sh.<ref>[http://crack.sh The World's fastest DES cracker]</ref><ref>''Think Complex Passwords Will Save You?,'' David Hulton, Ian Foster, BSidesLV 2017</ref>


==See also==
==See also==

Revision as of 19:34, 28 July 2017

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release"[1] and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MS-CHAPv1.

MS-CHAP is used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks. It is also used as an authentication option with RADIUS[2] servers which are used for WiFi security using the WPA-Enterprise protocol. It is further used as the main authentication option of the Protected Extensible Authentication Protocol (PEAP).

Compared with CHAP,[3] MS-CHAP:[4][5]

  • is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
  • provides an authenticator-controlled password change mechanism
  • provides an authenticator-controlled authentication retry mechanism
  • defines failure codes returned in the Failure packet message field

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

Cryptanalysis

Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.[6][7]

MS-CHAP and MS-CHAPv2 uses the same weak 56-bit DES encryption as NTLMv1 to encrypt the NTLM password hash. 56-bit encryption had been well known as weak for years, but CloudCracker provided a service targeted at cracking this weak DES encryption.[8]. The service is now available at crack.sh.[9][10]

See also

References

  1. ^ "Windows 98 Dial-Up Networking Security Upgrade Release Notes (August 1998)". Support. Microsoft. August 1998.
  2. ^ Microsoft Vendor-specific RADIUS Attributes. doi:10.17487/RFC2548. RFC 2548.
  3. ^ PPP Challenge Handshake Authentication Protocol (CHAP). doi:10.17487/RFC1994. RFC 1994.
  4. ^ Microsoft PPP CHAP Extensions. doi:10.17487/RFC2433. RFC 2433.
  5. ^ Microsoft PPP CHAP Extensions, Version 2. doi:10.17487/RFC2759. RFC 2759.
  6. ^ Schneier, Bruce; Mudge; Wagner, David (19 October 1999). "Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)" (PDF). schneier.com.
  7. ^ Eisinger, Jochen (23 July 2001). "Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2)" (PDF). penguin-breeder.org.
  8. ^ Marlinspike, Moxie; Hulton, David (29 July 2012). "Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate". Cloud Cracker. Archived from the original on 16 March 2016. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
  9. ^ The World's fastest DES cracker
  10. ^ Think Complex Passwords Will Save You?, David Hulton, Ian Foster, BSidesLV 2017