How do you explain that Microsoft Clients almost all use MSCHAP in some form to authenticate and that all Microsoft passwords are stored in encrypted form... ;) Did you read the MSCHAPV2 specs before writing the e-mail? I can't recall the exact specs of MSCHAPV2 but the I remember it to be something like: Client Server <------------------- CHALLENGE ----> HASH( CHALLENGE + NTHASH(PASSWORD)) server retrieves NTHASH(PASSWORD) from LDAP database. server verifies HASH(CHALLENGE + NTHASH(PASSWORD)) bake for 10 minutes in a pre-heated oven gasmark 10 and he presto there is your crypto link. Regards, Tom Rixom -----Oorspronkelijk bericht----- Van: Artur Hecker [mailto:[EMAIL PROTECTED] Verzonden: wo 25-2-2004 19:39 Aan: [EMAIL PROTECTED] CC: Onderwerp: Re: PEAP / MSCHAP2 / LDAP
<<winmail.dat>>
