[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: authenticate against SHA2 hash in EAP-MSCHAPv2
From: Stefan Winter <stefan.winter () restena ! lu>
Date: 2018-02-28 11:36:28
Message-ID: 0813664f-4f15-a293-63b8-07a47f7c01ff () restena ! lu
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Hello,
> - How can I make authentication protocol X work with passwords stored as Y?
> - You can't.
>
> it's magic, thank you.
No, it's mathematics.
MSCHAP hashing destroys the cleartext password, and you can never get it
back.
SHA2 hashing destroys the cleartext password in a different way, you can
never get it back, and it is totally unrelated to what MSCHAP produces.
So,
- comparisons between cleartext and MSCHAP works: apply MSCHAP to
cleartext and compare results
- comparisons between cleartext and SHA2 works: apply SHA2 to cleartext
and compare results
- comparisons between MSCHAP and SHA2 does not work: two different
variants of gibberish are uncomparable
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic