MS-CHAP

From Wikipedia, the free encyclopedia

MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exist in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows 2000. Windows Vista drops support for MS-CHAPv1.

Compared with CHAP, MS-CHAP:

is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
provides an authenticator-controlled password change mechanism
provides an authenticator-controlled authentication retry mechanism
defines failure codes returned in the Failure packet message field

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

[edit] Security Vulnerabilities and Cryptanalysis

Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), co-written by Bruce Schneier

[edit] References

RFC 1994 - PPP Challenge Handshake Authentication Protocol (CHAP)
RFC 2433 - MS-CHAPv1
RFC 2548 - RADIUS Encapsulation of MS-CHAPv1 and MS-CHAPv2
RFC 2759 - MS-CHAPv2

Views

Interaction

Search

Languages

This page was last modified 09:13, 15 January 2008 by Wikipedia user DStoykov. Based on work by Wikipedia user(s) JohnQAlias, AlleborgoBot, SHayter, FlaBot, Warren, Cwolfsheep, JonHarder, Akhristov, Frap and Romal and Anonymous user(s) of Wikipedia.
All text is available under the terms of the GNU Free Documentation License. (See Copyrights for details.)
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a U.S. registered 501(c)(3) tax-deductible nonprofit charity.
About Wikipedia
Disclaimers