Re: Radius Autentication using Chap

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 02/16/05

• Next message: Sam Salhi [MSFT]: "Re: How to configure IAS as a radius server with access-challenger mode"
• Previous message: Sam Salhi [MSFT]: "Re: PEAP auth with Verisign"
• In reply to: Alto: "Radius Autentication using Chap"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 15 Feb 2005 20:52:48 -0800

There doesn't exist any feasible "decoding" for MD5. You will need to store
the passwords in reversible encryption and have your API provide access to
the clear text passwords
If at all possible use MSCHAPv2 which is more secure than CHAP and doesn't
require Reversible encryption for the passwords

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no rights
      =============================================
"Alto" <arnon.ayal@gmail.com> wrote in message 
news:1107157971.658180.279620@z14g2000cwz.googlegroups.com...
>I need to authorized users with Chap, the user's names & password are
> in an outside application that I have an API to it and they are not
> Windows users.
> I uses an extension Radius DLL that get the radius requests and work
> with the outside application by the API.
> I order to make authentication with the Chap mechanism I need to use
> MD5 decoding.
> Any ideas where I can find information of how to do this process?
> 

---

• Next message: Sam Salhi [MSFT]: "Re: How to configure IAS as a radius server with access-challenger mode"
• Previous message: Sam Salhi [MSFT]: "Re: PEAP auth with Verisign"
• In reply to: Alto: "Radius Autentication using Chap"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: IAS and MD5 error ... > a way not have to use the reversible encryption? ... I do not want to use MD5 ... > and I do not want to have to force the users to change their passwords to ... > get the authentication to work. ... (microsoft.public.windows.server.security) Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?) ... have customers logging in from the internet to pay their bills. ... There ARE programs that effectively can block keyloggers based upon API ... passwords and usernames - then asks the user ... (sci.crypt) IAS and MD5 error ... a way not have to use the reversible encryption? ... and I do not want to have to force the users to change their passwords to ... get the authentication to work. ... MD5 and failing due to the password not being reversibly encrypted. ... (microsoft.public.windows.server.security) Re: How to secure the Dotnet code ... As far as the HASP API is concerned, you will need to use your vendor ID and Passwords to call the API functions. ... We only have real world experience with the HARDLOCK dongle, ... (microsoft.public.dotnet.general) Re: Keylogger resistance ... The onscreen keyboard still sends keys through the API that the ... keylogger will be watching anyway. ... passwords and ask randomly selected characters from each making sure ... (sci.crypt)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2005-02