Challenge Handshake Authentication Protocol

from Wikipedia, the free encyclopedia

The Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol used in the context of the Point-to-Point Protocol (PPP). PPP is located on the data link layer of the Internet protocol family.

In addition to the CHAP implementation described in the RFC, there are also the Microsoft variants MS-CHAPv1 (RFC 2433) and MS-CHAPv2 (RFC 2759).

CHAP is specified in RFC 1994. In contrast to its forerunner, the Password Authentication Protocol (PAP), CHAP places more emphasis on the security of password transmission. Authentication takes place in three steps:

  1. A client initiates a connection to a dial-in server that requires authentication using CHAP. The server transmits a random value (the challenge) to the client, which has to authenticate itself.
  2. The client creates a hash value from the random value and the password using a hash function (e.g. MD5) and transmits it to the dial-in server. Assuming the hash function is a one-way function, the password cannot be recovered from this value.
  3. The dial-in server likewise calculates a hash value from the random value and the password it has stored (in plain text). If this matches the value sent by the computer to be authenticated, the authentication succeeds.

At random intervals, the dial-in server sends a new random value (a new challenge) to the client, and the second and third steps of the procedure are repeated.

Security

An attacker who eavesdrops on the communication thus only obtains the random value and the hash value. Usually these alone are of no use, because the password itself is not transmitted. Nevertheless, an attacker can carry out a man-in-the-middle attack if both CHAP and PAP are enabled on the client side. For example, if the server and client negotiate CHAPv2, an attacker could interrupt the connection and tell the client that the server expects PAP. The client then sends a PAP-ACK to the attacker, and the attacker sends a CHAPv2-ACK to the server. The server then sends a Challenge-REQ; the client sends the attacker its user ID and password, from which the attacker derives the Challenge-RES. The server either accepts or rejects it (ACK, NACK).

In July 2012, the online service CloudCracker announced that it could crack VPN and WLAN connections based on MS-CHAPv2 within 24 hours. The service is offered to anyone for a fee. The brute-force attack succeeds by means of parallelization and specially tailored hardware. [1]

If the password is not to be stored in plain text on the server, it can also be hashed more than once. For this, the password is first hashed on the client, and a second hash is then formed from the resulting hash together with the challenge. The server likewise forms a hash from the stored password hash and the challenge, and the two values are compared.
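To make the three steps above and the double-hash variant concrete, here is a small added example in Python; it is not code from the article or from any CHAP implementation, uses constructed sample values, and follows RFC 1994's input order, which additionally prefixes the one-octet packet Identifier to the secret and challenge.

```python
import hashlib
import hmac
import os

# Constructed sample values for this walkthrough; not taken from the article.
SECRET = b"correct horse battery staple"
IDENTIFIER = 0x2A  # one-octet CHAP packet Identifier, fixed here for reproducibility


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2: RFC 1994 Response Value = MD5(Identifier || secret || Challenge).

    The article speaks of hashing 'the random value and the password'; RFC 1994
    additionally prefixes the packet Identifier, binding the response to the
    challenge packet it answers.
    """
    if not 0 <= identifier <= 0xFF:
        raise ValueError("Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, stored_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Step 3: the server recomputes the hash over the secret it holds and compares.

    compare_digest keeps the comparison constant-time, so the server does not
    leak how many leading bytes of a submitted response were correct.
    """
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def server_stored_hash(password: bytes) -> bytes:
    """Double-hash variant: what the server keeps instead of the plaintext password."""
    return hashlib.md5(password).digest()


def hashed_secret_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Double-hash variant: the client hashes the password first, then hashes that
    digest with the challenge; the server verifies it with plain chap_verify()."""
    return chap_response(identifier, server_stored_hash(password), challenge)


def handshake(secret_on_client: bytes, secret_on_server: bytes) -> bool:
    """One full CHAP round: fresh 16-byte challenge, client response, server check."""
    challenge = os.urandom(16)  # step 1: random challenge value
    response = chap_response(IDENTIFIER, secret_on_client, challenge)  # step 2
    return chap_verify(IDENTIFIER, secret_on_server, challenge, response)  # step 3


if __name__ == "__main__":
    print("correct secret accepted:", handshake(SECRET, SECRET))
    print("wrong secret rejected:  ", not handshake(b"guess", SECRET))
    # A captured response is useless against the next challenge (replay check).
    old_challenge, new_challenge = os.urandom(16), os.urandom(16)
    captured = chap_response(IDENTIFIER, SECRET, old_challenge)
    print("replay rejected:        ", not chap_verify(IDENTIFIER, SECRET, new_challenge, captured))
```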

References

  1. Cloud service cracks VPN passwords in 24 hours, heise online, accessed July 30, 2012
