MS-CHAP is the

Microsoft Microsoft Corporation is an American multinational corporation, multinational technology company, technology corporation producing Software, computer software, consumer electronics, personal computers, and related services headquartered at th ...

version of the Challenge-Handshake Authentication Protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with pptp3-fix that was included in Windows NT 4.0 SP4 and was added to

Windows 98 Windows 98 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of Microsoft Windows operating systems. The second operating system in the 9x line, it is the successor to Windows 95, and was released ...

in the "Windows 98 Dial-Up Networking Security Upgrade Release" and

Windows 95 Windows 95 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of operating systems. The first operating system in the 9x family, it is the successor to Windows 3.1x, and was released to manufactu ...

in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade.

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...

dropped support for MS-CHAPv1. MS-CHAP is used as one authentication option in Microsoft's implementation of the

PPTP The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues. PPTP uses a TCP control channel and a Generic Routing Encapsulation tunnel to encapsulate P ...

protocol for virtual private networks. It is also used as an authentication option with

RADIUS In classical geometry, a radius ( : radii) of a circle or sphere is any of the line segments from its center to its perimeter, and in more modern usage, it is also their length. The name comes from the latin ''radius'', meaning ray but also the ...

servers which are used with IEEE 802.1X (e.g.,

WiFi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio wa ...

security using the WPA-Enterprise protocol). It is further used as the main authentication option of the

Protected Extensible Authentication Protocol : ''PEAP is also an acronym for Personal Egress Air Packs.'' Protected Extensible Authentication Protocol, also known as Protected EAP or simply PEAP, is a protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypte ...

(PEAP). Compared with CHAP, MS-CHAP: * is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol * provides an authenticator-controlled password change mechanism * provides an authenticator-controlled authentication retry mechanism * defines failure codes returned in the Failure packet message field MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet. MS-CHAP requires each peer to either know the plaintext password, or an MD4 hash of the password. and does not transmit the password over the link. As such, it is not compatible with most password storage formats.

Cryptanalysis

Several weaknesses have been identified in MS-CHAP and MS-CHAPv2. The DES encryption used in NTLMv1 and MS-CHAPv2 to encrypt the NTLM password hash make custom hardware attacks utilizing the method of brute force feasible. More recently, MS-CHAP has been completely broken.

References

{{Authentication APIs Broken cryptography algorithms Internet protocols Microsoft Windows security technology Computer access control protocols

Cryptanalysis

See also

References