12 Replies, latest reply: Aug 7, 2010 12:37 AM by The_Cisco_Kid

    CHAP Authentication

    Nicolas MICHEL

      Hey guys!

      I've got an issue with CHAP and it's blowing my mind.

      First, I'm not sure this is the right place to post that kind of question, and I would like to apologize to anyone offended.

      I actually have 2 routers connected by a serial interface.

      The link is up/up, ping is OK, OSPF neighbors OK! So everything is great.

      But I want to add CHAP authentication on that link.

      Here is what I do:

      encapsulation ppp

      ppp authentication chap

      Then I add the usernames of both routers on both routers.

      The link is still operational, but the problem is that the passwords are type 7 and can be cracked easily. Does CHAP send the password for authentication in clear text?

      I have tried this:

      username R1 secret 0 cisco

      username R2 secret 0 cisco

      Now the link is up/down and debug ppp authentication says: can't authenticate peer.

      I don't understand why it does not work.... Anyone got an idea??

      Thanks for helping

        • 1. Re: CHAP Authentication
          Paul Stewart  -  CCIE Security

          The way I understand it is this.  CHAP will hash everything as it does its authentication.  To do that the router must be able to reverse the type 7 password.  Since the MD5 hash of the secret is irreversible, it will not use the secret as an authentication mechanism for CHAP.

          There is no reason technically that two Cisco routers could not simply hash what is after the word "secret" and authenticate anyway if they had chosen to write the code that way.  However, in that case, the password would actually be the MD5 hash that is visible and not the value used to create it.  In either case, it is a hash that traverses the wire, so the benefit of going to secret is protecting the configuration from prying eyes and not actually the security of the connectivity.

          See restrictions in the following document:

          http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ft_md5.html#wp1025394

          • 2. Re: CHAP Authentication
            Nicolas MICHEL

            Hey Paul, and thanks for the answer.

            I have been reading the 1994 RFC and I have found my answer:

            CHAP requires that the secret be available in plaintext form.
               Irreversably encrypted password databases commonly available cannot
               be used.

            So I cannot use type 5 passwords to authenticate my routers.

            Thanks again for the help

            • 3. Re: CHAP Authentication
              Conwyn

              Hi Nicolas

              Remember the passwords are not exchanged; they are used to build the challenge.

              Regards, Conwyn

              • 4. Re: CHAP Authentication
                Scott Morris - CCDE/4xCCIE/2xJNCIE

                Everyone's got good answers, so I won't repeat them... But the underlying thing is that the type 7 encryption is designed to protect against "over the shoulder" hacking, as someone quickly skims/reads something without having the rights to do so.

                If they have privileged access to your equipment, you are screwed no matter what, because if they can see it, they can change it!

                As Conwyn says, the password isn't technically exchanged (e.g. can't be sniffed on the wire) over a network.

                With hackers, you have to pick your battles. And you have to put the correct pieces into the correct places to thwart them.

                HTH,

                Scott

                • 5. Re: CHAP Authentication
                  Nicolas MICHEL

                  Hey Scott, Hey Conwyn

                  Thanks again for the help (again and again)

                  • I don't see why the password should be reversible in CHAP.
                  • Is there a way to use Microsoft CHAP V2 to encrypt the password in the routers? Is that good or bad?

                  Also there is a question that I'm asking myself each time I'm running a show run (lots of times indeed):

                  • Why, if you create 2 users on 2 different routers with the same password using this command:

                  username scott secret 0 cisco

                  username conwyn secret 0 cisco

                  do you get 2 different hashes.... I don't get why...

                  Thanks if you both could enlighten me on this

                  • 6. Re: CHAP Authentication
                    toor

                    MCL.Nicolas wrote:

                    Also there is a question that I'm asking myself each time I'm running a show run (lots of times indeed):

                    • Why, if you create 2 users on 2 different routers with the same password using this command:

                    username scott secret 0 cisco

                    username conwyn secret 0 cisco

                    do you get 2 different hashes.... I don't get why...

                    Thanks if you both could enlighten me on this

                    To get the MD5 hash of the password you use a salt, which is computed semi-randomly. Then the salt along with the actual password is used to create the MD5 hash. The string between $1$ and $ in your secret is the salt; after that you have the actual MD5 hash.

                    Hope that helps,

                    Toor

                    • 7. Re: CHAP Authentication
                      Nicolas MICHEL

                      Thanks for this answer

                      It helped me to understand a few concepts.

                      • 8. Re: CHAP Authentication
                        Paul Stewart  -  CCIE Security

                        I had an elaborate post written up this morning, but I realized it only made sense in my head and wasn't explaining it well.  The reason that the IOS must see it in clear text is because it uses that value to seed the challenge and response.  Let me give a really simple authentication challenge and response.  We'll use 987654321 as the password (I'm sure the challenge response of CHAP is much more sophisticated than this).

                        RTR A connects to router B

                        RTR B says: prove your identity

                        RTR A says: how can I do that?

                        RTR B says: add your 3rd and 5th digits, then multiply them by the sum of the 6.  Then divide everything by the number of characters. Round to hundredths (this is the challenge)

                        RTR A computes ((7+5) * 4) / 9 = 5.33

                        RTR A sends 5.33 (this is the response)

                        RTR B performs the same computation on its password

                        If it matches, authentication is successful. If not, it fails.  In the real world CHAP does mutual authentication by default, and I don't know all the details of its hash nor its challenge/response mechanism.

                        Now compare that to authenticating to a router with a secret.  The router knows what a hash of the password is.  You should know what the password is.  If you feed the router the password that you know, it can perform the same algorithm on it as was performed when it built it into the configuration.  If the hash it created from the authentication attempt matches that of the configuration, authentication is successful.  If not, you will be denied.

                        I hope that clarifies a bit.  At least in my mind, I can see why the clear text password is necessary for CHAP.  It's really not a security weakness; you must take other means to protect those configurations.  I'm sure there are rainbow tables that you can run against the secrets as well.  If that is the case, you might not recover the password, but you will have a string that will produce the same hash and thus let you in.  In other words, a "hash collision".  Wow, I went a bit off topic.
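Paul's arithmetic sketch above, carried through with the real computation CHAP uses (RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)) and with the lookup IOS does against its `username <peer> password <secret>` table. This is an added example, not code from the thread or from Cisco; the router names R1 and R2, the shared secret `cisco` and the username tables are constructed for illustration. It shows why each side needs the secret in plaintext, that the exchange is run once in each direction, and that only the random challenge and the 16-byte hash cross the wire.

```python
import hashlib
import hmac
import os

# Constructed configuration: what "username <peer> password 0 cisco" gives each router.
# IOS picks the CHAP secret for a peer by looking up the Name field of the incoming
# packet in this table, so both routers must hold the same plaintext secret.
R1_USERS = {"R2": b"cisco"}   # on R1: username R2 password 0 cisco
R2_USERS = {"R1": b"cisco"}   # on R2: username R1 password 0 cisco


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier (one octet), secret, Challenge Value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_challenge(my_name: str, identifier: int) -> dict:
    """Authenticator: a fresh random Challenge Value, labelled with the sender's hostname."""
    return {"code": "Challenge", "id": identifier, "value": os.urandom(16), "name": my_name}


def answer_challenge(users: dict, my_name: str, challenge: dict) -> dict:
    """Peer: find the secret for the challenger's name, hash it with the challenge, reply."""
    secret = users.get(challenge["name"])
    if secret is None:
        raise LookupError(f"no username entry for peer {challenge['name']!r}")
    # This is the step that needs the plaintext: a type 5 string would be hashed as-is
    # and could never match what the other router computes from its own copy.
    value = chap_response(challenge["id"], secret, challenge["value"])
    return {"code": "Response", "id": challenge["id"], "value": value, "name": my_name}


def check_response(users: dict, challenge: dict, response: dict) -> bool:
    """Authenticator: recompute the hash with its own copy of the secret and compare."""
    if response["id"] != challenge["id"]:
        return False
    secret = users.get(response["name"])
    if secret is None:
        return False   # no username entry for the responder: "can't authenticate peer"
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def one_way_auth(auth_users, auth_name, peer_users, peer_name, identifier=1):
    """Run one direction of CHAP; return (success, the two packets that crossed the wire)."""
    chal = build_challenge(auth_name, identifier)
    resp = answer_challenge(peer_users, peer_name, chal)
    return check_response(auth_users, chal, resp), [chal, resp]


def mutual_auth(r1_users, r2_users):
    """With 'ppp authentication chap' on both ends, each router challenges the other."""
    ok_a, wire_a = one_way_auth(r1_users, "R1", r2_users, "R2", identifier=1)
    ok_b, wire_b = one_way_auth(r2_users, "R2", r1_users, "R1", identifier=2)
    return ok_a and ok_b, wire_a + wire_b


def secret_on_wire(wire: list, secret: bytes) -> bool:
    """True if the secret bytes appear in any packet (they never should)."""
    return any(secret in m["value"] for m in wire)


if __name__ == "__main__":
    ok, wire = mutual_auth(R1_USERS, R2_USERS)
    print("mutual CHAP:", "success" if ok else "failed")
    print("secret visible on the wire:", secret_on_wire(wire, b"cisco"))
    bad_ok, _ = mutual_auth(R1_USERS, {"R1": b"Cisco"})   # mismatched secret on R2
    print("with mismatched secret:", "success" if bad_ok else "failed")
```

Running `debug ppp authentication` while one side holds a type 5 string corresponds to the mismatched case at the end: the responder hashes whatever it has stored, the authenticator hashes its own (different) stored value, and the two MD5 results cannot agree.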

                        • 9. Re: CHAP Authentication
                          toor

                          You are welcome!

                          Toor

                          • 10. Re: CHAP Authentication
                            Nicolas MICHEL

                            Ahahah that was a bit complicated to understand but thanks

                            • 11. Re: CHAP Authentication
                              Nicolas MICHEL

                              Is there a way to use another authentication protocol that encrypts both username and password?  MS-CHAP?  Going to google that and I'll let you know if interested.

                              If someone has some answers, I'd be glad to learn from you.

                              • 12. Re: CHAP Authentication
                                The_Cisco_Kid

                                Everyone

                                I read a post about MD5 and hashing where someone posted they created the same password a few times over but the hash came out different each time.

                                Why is this?

                                The reason I ask is because I read this post, where Paul has explained this:

                                "Now if you compare that to authenticating to a router with a secret.  The router knows what a hash of the password is.  You should know what the password is.  If you feed the router the password that you know, it can perform the same algorithm on it as was performed when it built it into the configuration.  If the hash it created from the authentication attempt matches that of the configuration, authentication is successful.  If not, you will be denied."

                                -------------------

                                So basically I am confused: does the hash come back differently each time the algorithm is done, or does it come up the same?

                                If RTR A sends a password to RTR B, then the MD5 algorithm should always return the same result.

                                Is that why the only thing that truly changes is the salt at the beginning? The salt must match to bring back the same result, right?

                                I hope I am understanding this all correctly.

                                Please respond; anyone can give me a response and I would appreciate that knowledge.

                                Thank you in advance!

                                Joe
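Toor's answer (#6) and Joe's follow-up question (#12) both come down to the same mechanism: a type 5 secret is md5-crypt, written as `$1$<salt>$<hash>`, the salt is drawn fresh each time the `secret` command is entered, and verification re-hashes the candidate with the salt copied out of the stored string. The example below is added here and is not code from the thread or from Cisco; it implements the md5-crypt algorithm (the 1000-round MD5 construction behind `$1$` hashes) so that the "same password, two different hashes" effect and the "salt must match" point can be seen directly. The password `cisco` and the salts `mERr` and `abcd` are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Alphabet used by crypt-style hashes for the salt and the encoded digest.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def _to64(value: int, count: int) -> str:
    """Encode 'count' six-bit groups of 'value', least significant group first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def md5_crypt(password: str, salt: str) -> str:
    """md5-crypt ($1$): the construction used for IOS type 5 secrets."""
    pw = password.encode()
    magic = b"$1$"
    salt_b = salt[:8].encode()          # at most 8 salt characters are used
    ctx = hashlib.md5(pw + magic + salt_b)
    # Alternate digest of password|salt|password, mixed in once per 16 bytes of password.
    alt = hashlib.md5(pw + salt_b + pw).digest()
    n = len(pw)
    while n > 0:
        ctx.update(alt[: min(16, n)])
        n -= 16
    # For each bit of the password length: a zero byte (bit set) or the first password byte.
    n = len(pw)
    while n:
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    # 1000 stretching rounds with a fixed pattern of password/salt/previous digest.
    for i in range(1000):
        c = hashlib.md5()
        c.update(pw if i & 1 else final)
        if i % 3:
            c.update(salt_b)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    # The 16 digest bytes are permuted into five 24-bit groups plus one 8-bit tail.
    groups = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    encoded = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in groups)
    encoded += _to64(final[11], 2)
    return f"$1${salt_b.decode()}${encoded}"


def new_salt(length: int = 4) -> str:
    """A random salt; IOS shows a 4-character salt in type 5 secrets. Fresh each call."""
    return "".join(secrets.choice(ITOA64) for _ in range(length))


def verify_type5(password: str, stored: str) -> bool:
    """Re-hash the candidate with the salt taken from the stored string and compare."""
    parts = stored.split("$")            # ['', '1', salt, hash]
    if len(parts) != 4 or parts[1] != "1":
        return False
    return hmac.compare_digest(md5_crypt(password, parts[2]), stored)


if __name__ == "__main__":
    # Same password, two salts: two different configuration lines, both verify.
    for salt in ("mERr", "abcd", new_salt()):
        h = md5_crypt("cisco", salt)
        print(h, "verifies:", verify_type5("cisco", h))
```

So the answer to Joe's question is: the MD5 computation is deterministic, and the hash differs between routers only because each one picked its own salt; the salt is stored in the clear in front of the hash precisely so that the router can repeat the same computation when a login is attempted. That is also why it is no use for CHAP: the other router cannot run the challenge computation from a string it can only reproduce, not reverse.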