MSCHAP v2 / PPTP

  • Thread starter Thread starter Macca
  • Start date Start date
M

Macca

Hoping someone can answer this question for me:

During authentication is a users password encrypted when
using MSCHAP v2/PPTP?

Thanks,
Macca
 
In MS-CHAP v2, the password is never sent across the network.Instead the MD4
hash of the password is used to encrypt the challenge string that was sent
by the other party. Since the other party knows the password already, it
will recompute the encryption of the challenge string it had sent and if it
matches with the one sent by the first party, the authentication is
successful.

Thanks
Giri
 
In MS-CHAP v2, the password is never sent across the network.Instead the
MD4
hash of the password is used to encrypt the challenge string that was sent
by the other party. Since the other party knows the password already, it
will recompute the encryption of the challenge string it had sent and if it
matches with the one sent by the first party, the authentication is
successful.
Click to expand...

Correct in principle (and as relevant to the question he asked), and...

I think you will find that even the "other side" doesn't (necessarily) know
the
password -- the other side knows a one-way hash of the password.

Thus the issue with CHAP needing the users password stored in "reversible
encrypted" format.
 
Back
Top