UGN Security Forums
#18458 - 04/08/03 10:36 PM CHAP (Challenge Handshake Authentication Protocol)
jonconley Offline
UGN Super Poster

Registered: 10/08/02
Posts: 955
Loc: Merrill, IA, USA
Ok. I was studying for Security+ and read about CHAP. It was a replacement for PAP b/c PAP sent passwords in plain-text.

So I have some questions about the actual level of security/benefits of CHAP.

First, here is how I understand CHAP works.

  • Client connects and logs in with username
  • Server will find UID for username and then find the associated secret (password)
  • Server then uses a challenge (string) and sends it to the client
  • Client receives the challenge and encrypts it using the password entered by user
  • This creates a hash which is then sent to the server
  • Server uses the password stored at its location, and generates a hash also
  • Server checks its hash w/ the client's hash
  • Match results in authentication success sent to client, or if no match, the authentication fails


PROS:
Unlike PAP, password not sent in plain-text
Other methods send it encrypted, but with CHAP the password isn't even sent encrypted; it's a modified hash using the challenge.

CONS:
Even though this prevents replay, what is the point of taking it a step further and using a challenge w/ the password to create a hash? Doesn't this just mean that rather than grabbing a single hash, the hacker must sniff the hash/challenge?

Local storage of passwords must be in plain text to allow the ability to hash each session.

-+-+-+-+-+-+-+-+-+-+-+
How does this really provide any benefit over the normal method of sending an encrypted password? And isn't the plaintext storage a larger security risk than sending over an encrypted password like is normally done?
-+-+-+-+-+-+-+-+-+-+-+

#18459 - 04/09/03 05:45 AM Re: CHAP (Challenge Handshake Authentication Protocol)
SilentRage Offline
DollarDNS Owner

Registered: 03/04/02
Posts: 1273
Loc: OH, USA
There is something you're missing I think. If a client sends a plain encrypted password to the server for authentication (however the server chooses to do it) what is stopping a sniffer from using the exact same byte stream? Who needs to know the password when all you need to do is send the encrypted form? It's practically as insecure as sending the password plain-text.

So they seek to make it more secure by using the challenge to be included in the hash so that randomized challenges may prevent sniffers from reusing the hash sent for authentication. It does not matter if the sniffer SEES the challenge, cause the challenge SHOULD change every time it is sent.

That is a fairly secure system.

You are right though about the password having to be stored locally in plain text. That is... if it isn't encrypted using a key and therefore must be decrypted before each hashing. The protocol has no control over how the password is stored - the protocol is secure. It is the local computer's responsibility for local security.
_________________________
Domain Registration, Hosting, Management
http://www.dollardns.net

#18460 - 04/14/03 07:15 PM Re: CHAP (Challenge Handshake Authentication Protocol)
Infinite Offline



Registered: 03/09/02
Posts: 1041
Loc: Canada eh
Heh, finally got around to posting in this topic.

For a really good breakdown on how CHAP works check out this link:

http://www.cisco.com/warp/public/471/understanding_ppp_chap.html

As another note, you can encrypt passwords on a Cisco router to be used in authentication. Now, I've done some looking around and what I see is two things.

1. You cannot encrypt passwords for use with CHAP

2. The command 'service password-encryption' will encrypt all the passwords on the router.

But nowhere have I seen anything that says these two rules aren't compatible. I looked on the router to see what it had to say about the command. Here's the output if you are interested:
Code:
Router(config)#service ?
  compress-config        Compress the configuration file
  config                 TFTP load config files
  dhcp                   Enable DHCP server and relay agent
  disable-ip-fast-frag   Disable IP particle-based fast fragmentation
  exec-callback          Enable exec callback
  exec-wait              Delay EXEC startup on noisy lines
  finger                 Allow responses to finger requests
  hide-telnet-addresses  Hide destination addresses in telnet command
  linenumber             enable line number banner for each exec
  nagle                  Enable Nagle's congestion control algorithm
  old-slip-prompts       Allow old scripts to operate with slip/ppp
  pad                    Enable PAD commands
  password-encryption    Encrypt system passwords
  prompt                 Enable mode specific prompt
  pt-vty-logging         Log significant VTY-Async events
  slave-log              Enable log capability of slave IPs
  tcp-keepalives-in      Generate keepalives on idle incoming network
                         connections
  tcp-keepalives-out     Generate keepalives on idle outgoing network
                         connections
  tcp-small-servers      Enable small TCP servers (e.g., ECHO)
  telnet-zeroidle        Set TCP window 0 when connection is idle
  timestamps             Timestamp debug/log messages
  udp-small-servers      Enable small UDP servers (e.g., ECHO)

Router(config)#service
The command we are interested in here is 'service password-encryption'. I dunno, just threw this in cause I know you can encrypt the password; I just need to verify that when you do, CHAP will fail.

And that's my two cents.

Infinite

#18461 - 04/25/03 12:51 AM Re: CHAP (Challenge Handshake Authentication Protocol)
black^Pimp Offline
UGN GFX Whore

Registered: 09/26/02
Posts: 624
Loc: Underground
While I was studying on my CCNA academy, we had PAP and CHAP in the 4th semester, and in the final exam there were lots of questions bout em. CHAP is really more secure but I don't wanna go through details coz SR already explained clearly. Although I dunno, I have this feeling that PAP is still more widely used than CHAP...

bp
_________________________
+^Born Intelligence

#18462 - 06/09/03 09:38 PM Re: CHAP (Challenge Handshake Authentication Protocol)
Gollum Offline
Member

Registered: 06/05/02
Posts: 207
Loc: US
Some points about CHAP:

It can still be compromised. Is it more secure than PAP? Of course. But is it trustworthy? Hardly. But once again, not primarily in the structure of it, but mostly b/c of the crappiness of the LM hash algorithm. Anyway, l0phtcrack for example will sniff for SMB authentication attempts. It'll capture the challenge and the user's hash (which was encrypted using the challenge). What it'll then do is try to crack it by encrypting the challenge w/ random strings until it matches the user's hash.

But, b/c, like SR said, CHAP uses random challenges, it'd be impossible to use the hash instead of just using the password. However, it is still possible to use the hash to gain privileges on only a local system (I believe). Basically, if you're logged in as a user, and say, have an administrator's hash, you could write a program (as I don't believe there are any available) which'll edit the lsass values stored in memory to change your credentials.

That's all I got for now.//
_________________________
Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me

#18463 - 06/10/03 02:42 PM Re: CHAP (Challenge Handshake Authentication Protocol)
Infinite Offline



Registered: 03/09/02
Posts: 1041
Loc: Canada eh
Gollum, your post confuses me.

Quote:
but mostly b/c of the crapiness of the LM hash algorithm.
I thought chap uses MD5, but I might be wrong. I'll look it up after I finish this post :p

Quote:
anyway, l0phtcrack for example, will sniff for smb authentication attempts. it'll capture the challenge and the users hash (which was encrypted using the challenge) what it'll then do, is try to crack it by encrypting the challenge w/ random strings until it matches the users hash.
What does SMB have to do with CHAP? This is a totally unrelated protocol, and I'll cover that more below.

Quote:
but, b/c, like sr said, chap uses random challenges, it'd be impossible to use the hash instead of just using the password. however
Well of course sending the password won't work, CHAP by definition does not ever put a password on the wire.

Quote:
however, it is still possible to use the hash to gain privileges on only a local system (i believe).
And this is where you totally lost me. CHAP is an authentication protocol used between peers during the negotiation of a PPP link (primarily). For example, one router wishing to establish a PPP link with an adjoining router could have to respond to a CHAP authentication challenge from the router it is requesting the link from. Or when you dial up a modem connection the same thing would occur. CHAP has absolutely no use locally. You don't use it to login, access, or otherwise gain privileged access to a machine you are in front of. I totally don't get where you are coming from here.

Quote:
basically, if you're logged in as a user, and say, have an administrator's hash. you could write a program (as i don't believe there are any available) which'll edit the lsass values stored in memory to change your credentials.
That just makes no sense to me. The reasons should be clear now.


*edit*
CHAP requires the use of a 'one-way hash' function to operate. The type of hash does not matter as long as both ends are using the same type. This is all the RFC says about it:

Quote:

1. After the Link Establishment phase is complete, the
authenticator sends a "challenge" message to the peer.

2. The peer responds with a value calculated using a "one-way
hash" function.

3. The authenticator checks the response against its own
calculation of the expected hash value. If the values match,
the authentication is acknowledged; otherwise the connection
SHOULD be terminated.

4. At random intervals, the authenticator sends a new challenge to
the peer, and repeats steps 1 to 3.
Infinite

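The exchange listed in the first post and in the RFC steps quoted above, as an added example that is not from any poster in this thread: CHAP with MD5 as specified in RFC 1994, where the response is the MD5 of the packet identifier, the shared secret and the challenge. The peer name and secret are constructed sample values; the demo shows why a sniffed response cannot be replayed and why the authenticator has to keep the secret in recoverable form.

```python
import hashlib
import hmac
import os

# Added example (not from the thread). CHAP with MD5 per RFC 1994:
#   Response = MD5(Identifier || secret || Challenge)
# "router-b" and the secret values below are constructed sample data.

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """What the peer computes; the secret itself never goes on the wire."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    """Server side. It must hold each secret in recoverable form, because it
    recomputes the same hash over a fresh challenge on every authentication."""

    def __init__(self, secrets: dict):
        self.secrets = secrets          # name -> plaintext (or decryptable) secret
        self.identifier = 0
        self.outstanding = {}           # identifier -> challenge awaiting a response

    def challenge(self):
        """Issue a new (Identifier, Challenge); the challenge is random and single-use."""
        self.identifier = (self.identifier + 1) & 0xFF
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Recompute the expected hash and compare; a challenge is consumed on first use."""
        chal = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)

def demo():
    """Returns (genuine, replay_same_id, replay_new_challenge, wrong_secret)."""
    auth = Authenticator({"router-b": b"s3cret"})
    ident, chal = auth.challenge()
    sniffed = chap_response(ident, b"s3cret", chal)       # what a sniffer sees on the link
    genuine = auth.verify(ident, "router-b", sniffed)
    replay_old = auth.verify(ident, "router-b", sniffed)  # same id: challenge already used
    ident2, _ = auth.challenge()
    replay_new = auth.verify(ident2, "router-b", sniffed) # new challenge: stale hash fails
    ident3, chal3 = auth.challenge()
    wrong = auth.verify(ident3, "router-b", chap_response(ident3, b"wr0ng", chal3))
    return genuine, replay_old, replay_new, wrong
```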
#18464 - 06/10/03 09:56 PM Re: CHAP (Challenge Handshake Authentication Protocol)
Gollum Offline
Member

Registered: 06/05/02
Posts: 207
Loc: US
http://www.securityfocus.com/guest/1512 - that should explain most of it.

When I said "local system" I also added "(I believe)" indicating I wasn't 100% sure.

and:
"What does SMB have to do with CHAP? This is a totally unrelated protocol, and I'll cover that more below."

SMB is a client server, request-response protocol.
CHAP is an authentication protocol.

While it is true they are not directly related, both are used when you authenticate a user trying to log into shares on a system that uses CHAP.
Therefore, when you sniff SMB sessions, you will also pick up the challenge handshake.

as for:

"'but, b/c, like sr said, chap uses random challenges, it'd be impossible to use the hash instead of just using the password. however'

Well of course sending the password won't work, CHAP by definition does not ever put a password on the wire."

I actually meant to say: "...it'd be impossible to use the hash like you would use a password." In other words: the hash isn't a key, unlike a password; it's random every time.

and then:

"I thought chap uses MD5, but I might be wrong. I'll look it up after I finish this post"

http://www.informatik.tu-darmstadt.de/BS/Pagnia/AKSC/NT_passw.html

But more specifically (from the above link):

3. When MS had the chance to do things a different way (ie Network challenge/response obfuscation on NT boxes) they implemented it based upon LM techniques to break up components

Basically, I do believe that they use MD5 (or 4?) in the NT hash algorithm. But it won't use that unless the machine is an NT machine.

"The LM hash is incredibly weak and your more secure NT hash is brought down to the lowest common denominator. Thus, the challenge response is completely brute-forcable for the LM-hash. MS made the "oversight" of still sending the LM-hash response along with the NT response even when SP3 was installed. "

I'm not an expert on this, but I do believe that is correct.
//
_________________________
Unbodied unsouled unheard unseen
Let the gift be grown in the time to call our own
Truth is natural like a wind that blows
Follow the direction no matter where it goes
Let the truth blow like a hurricane through me
