[strongSwan] Authentication against Linux Users
Christian Salway
christian.salway at naimuri.com
Mon May 14 13:52:37 CEST 2018
thanks. I've swapped over to using NTLM hashes
Regards,
Christian Salway
IT Consultant
Tel: 07463 331432
christian.salway at naimuri.com
<http://www.naimuri.com/>
<http://www.naimuri.com/>
> On 14 May 2018, at 10:13, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Christian,
>
>> but what if the server stored the password in a sha256(md4(password))
>> hash and then when it received the md4 hash from the client, hashed that
>> with sha256 to compare to?
>
> It doesn't receive the MD4 hash, which is only a part of the calculation
> of EAP-MSCHAPv2 (the NT password hash). The actual value that's
> transmitted (ChallengeResponse) and has to be verified (by doing the
> same calculation) also incorporates random challenges (see RFC 2759 [1]
> for details). Which is why the only thing you can store instead of the
> plainttext password is the NT hash (ntlm secrets in swanctl.conf).
>
>> The Server can send any fake md4 hash across the network to the client
>> (unless the client does its own check of the hash)...
>
> It does, the server sends its an AuthenticatorResponse, which
> incorporates the client's response and the random challenges (including
> one provided by the client) to prove it knows the password. So the EAP
> method does provide mutual authentication, however, a weak version
> because the server is authenticated after the client. Which means a
> MITM could attack a weak client password, which is why the server should
> be authenticated via IKEv2 pubkey authentication first (i.e. EAP-only
> authentication is not allowed for EAP-MSCHAPv2). EAP-MSCHAPv2 can also
> be tunneled in another EAP method (e.g. EAP-TTLS or EAP-PEAP) to
> authenticate the AAA server first.
>
> There are, of course, several other EAP methods based on passwords, with
> much stronger algorithms and some of them don't require plaintext
> passwords. The problem is that common clients (as those built-in
> Windows and Apple OSes) don't support them (and neither does strongSwan
> actually).
>
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180514/b87d4fdf/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: email-signature-logo.png
Type: image/png
Size: 10961 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180514/b87d4fdf/attachment.png>
More information about the Users
mailing list