MS-CHAP v2 is the newer version of MS-CHAP, introduced some time after the original. Its authentication mechanism was strengthened considerably: the username and password exchange is now tied to the derivation of the encryption keys. The NAS server begins by sending a session ID and a challenge to the remote client. The remote client answers the NAS server's challenge string using a hash algorithm, returning the supported encryption type, the session ID, its own peer challenge and a response computed from the user password. The NAS server then verifies the client's information and responds with another ID that states whether the connection succeeded or failed, based on the negotiated encryption type, its own response to the peer challenge, and its decision on the NAS server challenge (the password response the client provided).
The remote client checks this information against what it sent earlier and, if it matches, completes the connection to the NAS server. If the authentication response is not correct, the remote client terminates the connection. The client and server therefore authenticate each other mutually. Two encryption keys are also used: one for sending data and one for receiving data.
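As an added example (not code from the original post), the following Python implements the mutual-authentication step described above as RFC 2759 specifies it: the NAS server's "S=..." authenticator response, computed from the NT password hash, the 24-byte NT-Response and the two challenges, and the client-side check that recomputes it and tears down the session on mismatch. The DES-based derivation of the NT-Response is not included; that value, the user name, the password and the challenge bytes are all constructed inputs for the demonstration.

```python
import hashlib
import hmac
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is often missing under OpenSSL 3."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(48):  # three rounds of 16 steps, registers rotate after each step
            if i < 16:
                f, k, s, add = F, i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:
                f, k, s, add = G, (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:
                f, k, s, add = H, r3[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a, b, c, d = d, rotl((a + f(b, c, d) + X[k] + add) & 0xFFFFFFFF, s), b, c
        a, b, c, d = [(v + w) & 0xFFFFFFFF for v, w in zip((a, b, c, d), (aa, bb, cc, dd))]
    return struct.pack("<4I", a, b, c, d)


def nt_password_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))  # RFC 2759 8.3: MD4 of the Unicode password


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    # RFC 2759 8.2: both 16-byte challenges and the user name (no domain) give the 8-byte challenge
    return hashlib.sha1(peer_challenge + auth_challenge + username.encode("ascii")).digest()[:8]


def authenticator_response(password, nt_response, peer_challenge, auth_challenge, username) -> str:
    """RFC 2759 8.7: the 'S=...' string the NAS server returns in its Success packet."""
    magic1 = b"Magic server to client signing constant"
    magic2 = b"Pad to make it do more than one iteration"
    pw_hash_hash = md4(nt_password_hash(password))  # HashNtPasswordHash, RFC 2759 8.4
    digest = hashlib.sha1(pw_hash_hash + nt_response + magic1).digest()
    chal = challenge_hash(peer_challenge, auth_challenge, username)
    return "S=" + hashlib.sha1(digest + chal + magic2).hexdigest().upper()


def client_accepts(password, nt_response, peer_challenge, auth_challenge, username, server_says) -> bool:
    # The client recomputes the expected string from its own password and compares in constant time
    expected = authenticator_response(password, nt_response, peer_challenge, auth_challenge, username)
    return hmac.compare_digest(expected, server_says)
```

A server that does not know the password cannot produce a matching string, which is why the client-side comparison is what makes the authentication mutual rather than one-way.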
Posted by: Wasim Javed