MS-CHAP

MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release" and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MS-CHAPv1.

Compared with CHAP, MS-CHAP:

• is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
• provides an authenticator-controlled password change mechanism
• provides an authenticator-controlled authentication retry mechanism
• defines failure codes returned in the Failure packet message field

MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

Security Vulnerabilities and Cryptanalysis

Several weaknesses have been found in MS-CHAPv2, some of which severely reduce the complexity of brute-force attacks making them feasible with modern hardware.

• Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), co-written by Bruce Schneier
• Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2), by Jochen Eisinger

References

• RFC 1994 – PPP Challenge Handshake Authentication Protocol (CHAP)
• RFC 2433 – MS-CHAPv1
• RFC 2548 – RADIUS Encapsulation of MS-CHAPv1 and MS-CHAPv2
• RFC 2759 – MS-CHAPv2
• Microsoft Knowledge Base Article KB189771 – MS Windows 98 Dial-Up Networking Security Upgrade Release Notes