[strongSwan] Authentication against Linux Users

Thu May 10 09:59:44 CEST 2018

Great thoughts guys, appreciate it.  

AWS does not have a built in RADIUS server (maybe..only did a quick search) so I have to think about service reliability (scalable, backup, resilience, etc).  It does have Active Directory though if thats a replaceable solution.

So the problem is that the MSCHAP Response from the client is an md4 hash of the password, which is a weak hash so even storing the plaintext as an md4 hash is insecure...

but what if the server stored the password in a sha256(md4(password)) hash and then when it received the md4 hash from the client, hashed that with sha256 to compare to?

The Server can send any fake md4 hash across the network to the client (unless the client does its own check of the hash)...

< send md4(anything)
> recv md4(password)
# hash md4(password) with sha256 and compare to locally stored hash

[1] https://tools.ietf.org/html/rfc2759 <https://tools.ietf.org/html/rfc2759>
[2] http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/A%20802.1X%20EAP-PEAP%20Reference/EAP_PEAP_handshake.htm <http://www.arubanetworks.com/techdocs/ClearPass/Aruba_DeployGd_HTML/Content/A%20802.1X%20EAP-PEAP%20Reference/EAP_PEAP_handshake.htm>
[3] http://manpages.ubuntu.com/manpages/xenial/man5/shadow.5.html <http://manpages.ubuntu.com/manpages/xenial/man5/shadow.5.html>
> On 9 May 2018, at 21:31, Thor Simon <Thor.Simon at twosigma.com> wrote:
> 
> At the expense of reducing the strength of your authentication (and potentially the confidentiality of your passwords) to that of an ad-hoc stream cipher based on MD5 -- unless you encapsulate RADIUS in something else, which adds some complexity but would work.
> 
> -----Original Message-----
> From: Users <users-bounces at lists.strongswan.org> On Behalf Of Tony Hoyle
> Sent: Wednesday, May 9, 2018 4:06 PM
> To: users at lists.strongswan.org
> Subject: Re: [strongSwan] Authentication against Linux Users
> 
> On 09/05/2018 16:17, Christian Salway wrote:
>> Unfortunately IKEv2 is a requirement, and they have requested 
>> username/password authentication because they don't like the "struggles"
>> of installed a CA cert and a client cert.
>> 
>> Currently the authentication is done with MSCHAPv2 which requires SS 
>> to have a plain text copy of the password in order to create the 
>> Challenge hash, I understand that.... however, what if SS was able to 
>> retrieve the plain text password from another source other than a 
>> local config file, eg Amazon's SecretsManager for example?  Is this 
>> something that is available or that you guys could write (at a price Im sure)?
>> 
> If you migrate all the password information into a radius server, that can handle both linux and strongswan login.
> 
> Tony

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180510/d6595832/attachment.html>