RADIUS with MS-CHAPv2 Explanation

I cannot find flowcharts of the communication between the peers. I know how it works in RADIUS with PAP enabled, but it seems that you need to do a lot more work with MS-CHAPv2.

I am trying to develop a RADIUS server to receive and validate user requests. Please help me in the form of information, not code.

+8
vpn radius
3 answers

MSCHAPv2 is quite complex and usually runs as part of another EAP method, such as EAP-TLS, EAP-TTLS, or PEAP. These outer methods encrypt the MSCHAPv2 exchange using TLS. For example, the figure below shows a PEAP block diagram in which a client or supplicant establishes a TLS tunnel with a RADIUS server (authentication server) and performs the MSCHAPv2 exchange inside it.

[Figure: PEAP block diagram]

The MSCHAPv2 exchange itself can be summarized as follows:

  • The AS starts by generating a 16-byte random server challenge and sends it to the peer.
  • The peer also generates a random 16-bit peer challenge. It then computes the challenge response based on the user's password. This challenge response is sent back to the AS, together with the peer challenge.
  • The AS verifies the challenge response.
  • The AS computes the peer-challenge response based on the password, the challenge and the peer challenge.
  • The peer verifies the peer-challenge response, completing the MSCHAPv2 authentication.

If you want the details and the exact calculations, do not hesitate to check my thesis here. Sections 4.5.4 and 4.5.3 should contain all the information necessary to implement a RADIUS server capable of performing the MSCHAP exchange.

As you can see in the figure, many different keys are derived and used. The thesis should give you a good understanding of what they are used for. However, the CSK is not explained in that document. This key is used for what is called “cryptographic binding”, that is, to prove to the AS that the TLS tunnel and the MSCHAPv2 exchange were performed by the same node. You could derive the MSK from the TLS secret alone, but then you would be vulnerable to a relay attack (the thesis also cites a research paper that gives an example of such an attack).

Finally, the asleap README provides another good, general step-by-step description of the MSCHAPv2 protocol, which may help you further.

+11

Unfortunately, I cannot add comments; that requires me to have 50 reputation.

At your request: my lab environment is an SSL-VPN that uses RADIUS as the AS. It is built from the following three elements:

  • End user → no “client” is installed; the connection starts through the web portal (client = web browser).

  • NAS → the machine that provides the web portal (where the end user enters username and password) and acts as the RADIUS client, sending requests to the AS.

  • AS (RADIUS) → this is me. I receive Access-Requests and verify the username and password.

So, accordingly, this is what I get in the Access-Request:

MS-CHAP2-Response: 7d00995134e04768014856243ebad1136e3f00000000000000005a7d2e6888dd31963e220fa0b700b71e07644437bd9c9e09

MS-CHAP-Challenge: 838577fcbd20e293d7b06029f8b1cd0b

According to RFC 2548:

  • MS-CHAP-Challenge. This Attribute contains the challenge sent by a NAS to a Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) user. It MAY be used in both Access-Request and Access-Challenge packets.

  • MS-CHAP2-Response. This Attribute contains the response value provided by an MS-CHAP-V2 peer in response to the challenge. It is only used in Access-Request packets.

If I understand correctly (and please bear with me, this is all very new to me), based on your AS flowchart the Authenticator also handles LCP. In my case the LCP is initiated by the NAS, so my life is simpler: I get an Access-Request without having to build a tunnel.

Now my question is: how can I decrypt the password? I understand there is a random 16-byte challenge, but that is kept by the NAS.

As far as I understand, I need to know the shared secret and decipher all of this using the algorithm described in your thesis.

But the algorithm is huge; I tried different sites to see which part of it the AS should use and failed in every attempt to decrypt. Since I can no longer ask for help in this thread, I can only say that this small text box cannot hold the amount of gratitude I have for your help; it is really lucky that you saw my thread.

Email me; my contact information is in my profile. Also, for some reason, I cannot mark your answer as the solution.

+1

“…usually performed by another EAP method, such as EAP-TLS, EAP-TTLS, or PEAP.”

Well... the Win2008 RADIUS is configured with NO EAP, only MS-CHAPv2 encryption in place of PAP.

That's why a lot of what you said and what I said did not match up... I am not the MITM, I am the AS, and my NAS (the one that knocks) is the RADIUS client / Authenticator.

When a user enters the username and password, the random encryption I'm looking for is created using MS-CHAPv2, and none of the above matters.

From the elements received from the Authenticator, which again are:

  • Username
  • MS-CHAP-Challenge
  • MS-CHAP2-Response

the AS performs some magic ceremony to come up with the following:

  • Access-Accept
  • MPPE-Send-Key
  • MPPE-Recv-Key
  • MS-CHAP2-Success
  • MS-CHAP-Domain

This is from a working scenario where I have a RADIUS server, a RADIUS client and a user.

The working scenario is NOT the one where I am the RADIUS server (AS); my goal is to create a RADIUS server, not a MITM. So all I have left is to find out which decryption algorithm is needed for those, and how.

0
