MS-CHAP

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release"^[1] and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MS-CHAPv1.

MS-CHAP is used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks. It is also used as an authentication option with RADIUS^[2] servers which are used for WiFi security using the WPA-Enterprise protocol. It is further used as the main authentication option of the Protected Extensible Authentication Protocol (PEAP).

Compared with CHAP,^[3] MS-CHAP:^[4]^[5]

is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
provides an authenticator-controlled password change mechanism
provides an authenticator-controlled authentication retry mechanism
defines failure codes returned in the Failure packet message field

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

Cryptanalysis

Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.^[6]^[7]

MS-CHAP and MS-CHAPv2 uses the same weak 56-bit DES encryption as NTLMv1 to encrypt the NTLM password hash. 56-bit encryption had been well known as weak for years, but CloudCracker provided a service targeted at cracking this weak DES encryption.^[8]. The service is now available at crack.sh.^[9]^[10]

References

Vorlage:Reflist

Vorlage:Authentication APIs

↑ Windows 98 Dial-Up Networking Security Upgrade Release Notes (August 1998). In: Support. Microsoft, August 1998; abgerufen im 1. Januar 1.
↑ Vorlage:Cite IETF
↑ Vorlage:Cite IETF
↑ Vorlage:Cite IETF
↑ Vorlage:Cite IETF
↑ Bruce Schneier, Mudge, David Wagner: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2). (PDF) In: schneier.com. 19. Oktober 1999; abgerufen im 1. Januar 1.
↑ Jochen Eisinger: Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2). In: penguin-breeder.org. 23. Juli 2001; abgerufen im 1. Januar 1.
↑ Moxie Marlinspike, David Hulton: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate. In: Cloud Cracker. 29. Juli 2012, archiviert vom Original am 16. März 2016; abgerufen im 1. Januar 1.
↑ The World's fastest DES cracker
↑ Think Complex Passwords Will Save You?, David Hulton, Ian Foster, BSidesLV 2017

[1] Windows 98 Dial-Up Networking Security Upgrade Release Notes (August 1998). In: Support. Microsoft, August 1998; abgerufen im 1. Januar 1.

[2] Vorlage:Cite IETF

[3] Vorlage:Cite IETF

[4] Vorlage:Cite IETF

[5] Vorlage:Cite IETF

[6] Bruce Schneier, Mudge, David Wagner: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2). (PDF) In: schneier.com. 19. Oktober 1999; abgerufen im 1. Januar 1.

[7] Jochen Eisinger: Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2). In: penguin-breeder.org. 23. Juli 2001; abgerufen im 1. Januar 1.

[8] Moxie Marlinspike, David Hulton: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate. In: Cloud Cracker. 29. Juli 2012, archiviert vom Original am 16. März 2016; abgerufen im 1. Januar 1.

[9] The World's fastest DES cracker

[10] Think Complex Passwords Will Save You?, David Hulton, Ian Foster, BSidesLV 2017

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

Cryptanalysis

See also

References