hi chris


the implications you mention might be correct, but sorry, i don't think your explanation is correct.


the problem is that if the NT-hashes are not reversible (as you claim), then you couldn't have been storing them in your LDAP with whichever protocol (e.g. not with MS-CHAPv2 as you claim), whatever its hash function would be, as long as the latter is cryptographically reasonable (i.e. above all non-linear).

for instance, if you had a protocol which uses MD5 for hashing the challenge, you still couldn't just have put the MD5-hash in the database and hope that it would work. it wouldn't work out, for the following reason:


[the plus (+) represents concatenation in the following]


Client (C)      Server (S)      possess pre-shared passwd x.
     challenge p
     <----------
C calculates:
RES = md5(x+p)

         RES
     ----------->
                S needs to verify RES;
                S calculates from p (known) and x (pre-shared):
                md5(x+p) = y
                if and only if y == RES, the Client is alright.

                now, if S only has the hash, i.e. md5(x),
                it can't do ANYTHING, because MD5 is not
                linear *at all*, i.e.:
                md5(x+p) != md5(x)+md5(p)

thus, S NEEDS the cleartext (badly!)

the same holds for every cryptographic hash. from that i deduce that, if you really store NT-Hashes in your LDAP, the NT-Hashes actually *are* reversible. your server obtains the clear text back and then uses it for verification.



ciao
artur


OK, some user education has to happen here.  (Feel free to correct me if this
is in any way wrong.)  NT-Hash is a password encryption technology, just like
crypt is a password encryption technology.  If you have a clear text password
you can encrypt it and come out with an NT-Hash password, or you could encrypt
it and come out with a crypt password.  However, once it is in an encrypted
form it is impossible to compare two different encryption forms to tell if they
are the same password.  PEAP / MSCHAPv2 passes the password encrypted with
NT-Hash encryption, so it is impossible to compare it against the crypt
password stored in LDAP.  It is also impossible to decrypt the NT-Hash password
back to a clear text password, so the password passed with PEAP / MSCHAPv2
cannot be used in an LDAP bind either.  It is possible to use PEAP / MSCHAPv2
with LDAP; however, one must store the NT-Hash password in LDAP.  I've had the
same problem with crypt as my password encryption in LDAP.  I ended up having
to create an extra LDAP attribute for NT-Hash passwords.  Whenever a user now
goes through a password change, the NT-Hash password attribute is also
populated at the same time the crypt password is changed in LDAP.  After you
set this up, make sure to define the attribute in the ldap.attrmap for
NT-Password and it will work great with PEAP / MSCHAPv2.

Chris Wieringa
[EMAIL PROTECTED]
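
Added example, not from either poster nor from FreeRADIUS: the MS-CHAPv2
arithmetic the two messages above are arguing about, written out in Go so it
can be checked rather than asserted. Per RFC 2759, the client's NT-Response is
the 8-byte challenge DES-encrypted under three keys cut from the NT hash (MD4
of the UTF-16LE password), so a server that holds only the NT hash, as Chris
does with his extra LDAP attribute, can recompute the expected response and
compare; the cleartext is never needed on the server side. The constants are
the test vectors from RFC 2759 section 9.2; the function names
(ntPasswordHash, challengeHash, ntResponse, verifyNTResponse) are this
example's own, and the MD4 is written out because Go's standard library does
not ship one.

```go
package main

import (
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"unicode/utf16"
)

// md4 is RFC 1320 MD4 (no MD4 in Go's stdlib; the NT hash is MD4 of the UTF-16LE password).
func md4(msg []byte) [16]byte {
	rotl := func(x uint32, s uint) uint32 { return x<<s | x>>(32-s) }
	a, b, c, d := uint32(0x67452301), uint32(0xefcdab89), uint32(0x98badcfe), uint32(0x10325476)
	buf := append(append([]byte{}, msg...), 0x80) // padding: 0x80, zeros, 64-bit LE bit length
	for len(buf)%64 != 56 {
		buf = append(buf, 0)
	}
	buf = binary.LittleEndian.AppendUint64(buf, uint64(len(msg))*8)
	k2 := [16]int{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15} // round 2 word order
	k3 := [16]int{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15} // round 3 word order
	s1, s2, s3 := [4]uint{3, 7, 11, 19}, [4]uint{3, 5, 9, 13}, [4]uint{3, 9, 11, 15}
	for off := 0; off < len(buf); off += 64 {
		var x [16]uint32
		for i := range x {
			x[i] = binary.LittleEndian.Uint32(buf[off+4*i:])
		}
		aa, bb, cc, dd := a, b, c, d
		for i := 0; i < 16; i++ { // round 1: F(b,c,d) = (b AND c) OR (NOT b AND d)
			a = rotl(a+((b&c)|(^b&d))+x[i], s1[i%4])
			a, b, c, d = d, a, b, c
		}
		for i := 0; i < 16; i++ { // round 2: G(b,c,d) = majority, constant 0x5a827999
			a = rotl(a+((b&c)|(b&d)|(c&d))+x[k2[i]]+0x5a827999, s2[i%4])
			a, b, c, d = d, a, b, c
		}
		for i := 0; i < 16; i++ { // round 3: H(b,c,d) = b XOR c XOR d, constant 0x6ed9eba1
			a = rotl(a+(b^c^d)+x[k3[i]]+0x6ed9eba1, s3[i%4])
			a, b, c, d = d, a, b, c
		}
		a, b, c, d = a+aa, b+bb, c+cc, d+dd
	}
	var out [16]byte
	for i, v := range []uint32{a, b, c, d} {
		binary.LittleEndian.PutUint32(out[4*i:], v)
	}
	return out
}

// ntPasswordHash is RFC 2759 NtPasswordHash: MD4 over the password encoded as UTF-16LE.
func ntPasswordHash(password string) [16]byte {
	raw := make([]byte, 0, 2*len(password))
	for _, u := range utf16.Encode([]rune(password)) {
		raw = binary.LittleEndian.AppendUint16(raw, u)
	}
	return md4(raw)
}
// challengeHash is RFC 2759 ChallengeHash: SHA1(PeerChallenge || AuthenticatorChallenge || UserName)[:8].
func challengeHash(peerChallenge, authChallenge []byte, userName string) (out [8]byte) {
	sum := sha1.Sum(append(append(append([]byte{}, peerChallenge...), authChallenge...), userName...))
	copy(out[:], sum[:8])
	return out
}
// ntResponse is RFC 2759 ChallengeResponse: the NT hash zero-padded to 21 bytes yields three
// 56-bit DES keys, each encrypting the 8-byte challenge. Only the hash goes in, never the cleartext.
func ntResponse(challenge [8]byte, ntHash [16]byte) (resp [24]byte) {
	padded := append(ntHash[:], make([]byte, 5)...)
	for i := 0; i < 3; i++ {
		// Spread the 56 key bits over 8 bytes, 7 per byte; the low bit is the parity position DES ignores.
		var bits uint64
		for _, b := range padded[7*i : 7*i+7] {
			bits = bits<<8 | uint64(b)
		}
		key := make([]byte, 8)
		for j := range key {
			key[j] = byte(((bits >> uint(7*(7-j))) & 0x7f) << 1)
		}
		block, _ := des.NewCipher(key) // key is always 8 bytes, so NewCipher cannot fail
		block.Encrypt(resp[8*i:8*i+8], challenge[:])
	}
	return resp
}

// verifyNTResponse is the server-side check when only the NT hash is stored (e.g. in a
// dedicated LDAP attribute): recompute the expected response and compare in constant time.
func verifyNTResponse(storedNTHash [16]byte, authChallenge, peerChallenge []byte, userName string, response [24]byte) bool {
	expected := ntResponse(challengeHash(peerChallenge, authChallenge, userName), storedNTHash)
	return subtle.ConstantTimeCompare(expected[:], response[:]) == 1
}

func main() {
	// Test vectors from RFC 2759 section 9.2 (fixed constants, so the decode errors are ignored).
	auth, _ := hex.DecodeString("5B5D7C7D7B3F2F3E3C2C602132262628")
	peer, _ := hex.DecodeString("21402324255E262A28295F2B3A337C7E")
	user, password := "User", "clientPass"
	clientResp := ntResponse(challengeHash(peer, auth, user), ntPasswordHash(password)) // client side
	fmt.Printf("NT-Response: %X\n", clientResp)
	// Server side: it holds only the NT hash captured at password-change time, never the cleartext.
	fmt.Println("accepted with stored NT hash:", verifyNTResponse(ntPasswordHash(password), auth, peer, user, clientResp))
	fmt.Println("accepted with another hash:  ", verifyNTResponse(ntPasswordHash("otherPass"), auth, peer, user, clientResp))
}
```

Run with `go run`; the printed NT-Response should match the RFC's vector and
the stored-hash check should print true while the other-hash check prints
false. The constant-time compare is the one detail a real server must not skip:
a byte-wise early-exit comparison of the 24-byte response leaks timing to the
client. Note that MD4 and single DES are here only because MS-CHAPv2 mandates
them; neither is suitable for anything new.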


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
