MS-CHAP is an encrypted authentication mechanism that works very similarly to CHAP. As we saw with CHAP, a NAS server sends the client a challenge consisting of a session ID and a hash challenge string. The remote client then returns the challenge with the session ID and an MD4-based hashed answer. The introduction of MD4 gave an extra level of security, because the clear-text password was replaced with a hashed password. MS-CHAP adds further attributes to the secure transmission of the password over the wire: error codes such as a password-expired code, and a further level of encryption between client and server that allows users to change their password while connected to the NAS server or during the authentication process. This additional encryption between client and server relies on an encryption key that supports data encryption by MPPE (Microsoft Point-to-Point Encryption).
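As an added example (not part of the original post), here is a strict parser for the Message field of an MS-CHAP Failure packet, which is where error codes such as the password-expired code are carried. The field layout and code table follow RFC 2433; the function name and the sample string are constructed for illustration.

```python
# Error codes defined for the MS-CHAP Failure packet (RFC 2433).
ERROR_CODES = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

def parse_failure(message: str) -> dict:
    """Parse 'E=<dec> R=<0|1> [C=<hex>] [V=<dec>]' and reject malformed input."""
    fields = {}
    for token in message.split():
        key, sep, value = token.partition("=")
        if key == "M":  # MS-CHAPv2 appends free text after M=; stop there
            break
        if sep and key in ("E", "R", "C", "V"):
            if key in fields:
                raise ValueError(f"duplicate {key}= field")
            fields[key] = value
    if not fields.get("E", "").isdigit():
        raise ValueError("missing or non-decimal E= error code")
    if fields.get("R") not in ("0", "1"):
        raise ValueError("R= retry flag must be 0 or 1")
    version = fields.get("V", "1")  # RFC 2433: an absent V= means version 1
    if not version.isdigit():
        raise ValueError("non-decimal V= version")
    challenge = fields.get("C")  # optional fresh challenge for a retry
    if challenge is not None:
        challenge = bytes.fromhex(challenge)  # ValueError on bad hex
    code = int(fields["E"])
    return {
        "code": code,
        "name": ERROR_CODES.get(code, "UNKNOWN"),
        "retry": fields["R"] == "1",
        "challenge": challenge,
        "version": int(version),
        # The server is reporting an expired password, the case in which
        # MS-CHAP lets the client change it during authentication.
        "password_expired": code == 648,
    }

if __name__ == "__main__":
    # Constructed sample message, not captured from a real server.
    print(parse_failure("E=648 R=0 C=0102030405060708 V=2"))
```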
Posted by: Wasim Javed