MS-CHAP
MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release" and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MS-CHAPv1.
Compared with CHAP, MS-CHAP:
- is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
- provides an authenticator-controlled password change mechanism
- provides an authenticator-controlled authentication retry mechanism
- defines failure codes returned in the Failure packet message field
MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.
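The LCP option 3 negotiation listed above can be checked on captured traffic to see which authentication protocol a link requests. The following is an added example, not part of the original article: a parser for the option list of an LCP Configure-Request that names the requested protocol. The function names and the sample packet are constructed for illustration; the PAP and CHAP protocol numbers and the MD5 algorithm value come from RFC 1661 and RFC 1994.

```python
import struct

# Constants from RFC 1661 (LCP), RFC 1994 (CHAP), RFC 2433 and RFC 2759.
LCP_CONFIGURE_REQUEST = 1
OPT_AUTH_PROTOCOL = 3
PROTO_PAP, PROTO_CHAP = 0xC023, 0xC223
CHAP_ALGORITHMS = {0x05: "CHAP-MD5", 0x80: "MS-CHAPv1", 0x81: "MS-CHAPv2"}


def lcp_options(packet: bytes):
    """Yield (type, data) for each option in an LCP Configure-Request."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != LCP_CONFIGURE_REQUEST:
        raise ValueError("not a Configure-Request")
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length field")
    body = packet[4:length]
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated option header")
        opt_type, opt_len = body[pos], body[pos + 1]
        # The option length counts the type and length bytes themselves.
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError("bad option length")
        yield opt_type, body[pos + 2:pos + opt_len]
        pos += opt_len


def requested_auth(packet: bytes) -> str:
    """Name the authentication protocol requested in LCP option 3."""
    for opt_type, data in lcp_options(packet):
        if opt_type != OPT_AUTH_PROTOCOL:
            continue
        if len(data) < 2:
            raise ValueError("option 3 too short")
        (proto,) = struct.unpack("!H", data[:2])
        if proto == PROTO_PAP:
            return "PAP"
        if proto == PROTO_CHAP and len(data) == 3:
            return CHAP_ALGORITHMS.get(data[2], f"CHAP-unknown-0x{data[2]:02x}")
        return f"unknown-0x{proto:04x}"
    return "none"


# Constructed sample: MRU option (type 1) followed by option 3 with algorithm 0x81.
SAMPLE = bytes.fromhex("0101000d" "010405dc" "0305c22381")
```

Calling `requested_auth(SAMPLE)` returns `"MS-CHAPv2"`; malformed option lengths raise `ValueError` rather than being skipped.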
Security Vulnerabilities and Cryptanalysis
Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks, making them feasible with modern hardware.
- Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), co-written by Bruce Schneier
- Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2), by Jochen Eisinger