请输入您要查询的百科知识:

 

词条 MS-CHAP
释义

  1. Cryptanalysis

  2. See also

  3. References

MS-CHAP is the Microsoft version of the Challenge-Handshake Authentication Protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release"[1] and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MS-CHAPv1.

MS-CHAP is used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks. It is also used as an authentication option with RADIUS[2] servers which are used with IEEE 802.1X (e.g., WiFi security using the WPA-Enterprise protocol). It is further used as the main authentication option of the Protected Extensible Authentication Protocol (PEAP).

Compared with CHAP,[3] MS-CHAP:[4][5]

  • is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
  • provides an authenticator-controlled password change mechanism
  • provides an authenticator-controlled authentication retry mechanism
  • defines failure codes returned in the Failure packet message field

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

Cryptanalysis

Several weaknesses have been identified in MS-CHAP and MS-CHAPv2[6]. The DES encryption used in NTLMv1 and MS-CHAPv2 to encrypt the NTLM password hash make custom hardware attacks utilizing the method of brute force feasible. [7]

See also

  • EFF DES cracker

References

1. ^{{cite web|title=Windows 98 Dial-Up Networking Security Upgrade Release Notes (August 1998)|url=https://support.microsoft.com/en-us/kb/189771|website=Support|publisher=Microsoft|date=August 1998}}
2. ^{{Cite IETF |rfc=2548 |title=Microsoft Vendor-specific RADIUS Attributes}}
3. ^{{cite IETF |rfc=1994 |title=PPP Challenge Handshake Authentication Protocol (CHAP)}}
4. ^{{Cite IETF |rfc=2433 |title=Microsoft PPP CHAP Extensions}}
5. ^{{Cite IETF |rfc=2759 |title=Microsoft PPP CHAP Extensions, Version 2}}
6. ^{{Cite web |url=http://www.schneier.com/paper-pptpv2.pdf |title=Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) |first1=Bruce |last1=Schneier |authorlink1=Bruce Schneier |author2=Mudge |first3=David |last3=Wagner |website=schneier.com |date=19 October 1999 }}
7. ^{{Cite web |url=http://penguin-breeder.org/pptp/download/pptp_mschapv2.pdf |title=Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2) |first=Jochen |last=Eisinger |date=23 July 2001 |website=penguin-breeder.org}}
{{Authentication APIs}}

4 : Broken cryptography algorithms|Internet protocols|Microsoft Windows security technology|Computer access control protocols
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/11/14 13:13:11