Rc4Encrypt(
IN x-octet Clear,
IN integer ClearLength,
IN y-octet Key,
IN integer KeyLength,
OUT x-octet Cypher )
{
Use the RC4 encryption algorithm [5] to encrypt Clear of
length ClearLength octets into a Cypher of the same length
such that the Cypher can only be decrypted back to Clear
by providing a Key of length KeyLength octets.
}
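
The Rc4Encrypt routine above, written out as an added Python example (not part of the original memo). The function names, the 16-octet key and the sample strings are constructed for illustration.

```python
def rc4_encrypt(clear: bytes, key: bytes) -> bytes:
    """Rc4Encrypt(Clear, Key) -> Cypher of the same length as Clear."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 octets long")
    # Key scheduling: permute the 256-entry state under control of Key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Keystream generation: one keystream octet is XORed onto each Clear octet.
    cypher = bytearray()
    i = j = 0
    for octet in clear:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        cypher.append(octet ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(cypher)


def xor_octets(a: bytes, b: bytes) -> bytes:
    """Octet-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


# Constructed sample values, not taken from the memo.
SAMPLE_KEY = bytes(range(16))          # stands in for a 16-octet password hash
CLEAR_A = b"first  password!"
CLEAR_B = b"second password!"

if __name__ == "__main__":
    cypher_a = rc4_encrypt(CLEAR_A, SAMPLE_KEY)
    # Decryption is the same call with the same Key.
    print(rc4_encrypt(cypher_a, SAMPLE_KEY))
    # The same Key always yields the same keystream, so two Cyphers made
    # under one Key XOR to the XOR of their Clears.
    cypher_b = rc4_encrypt(CLEAR_B, SAMPLE_KEY)
    print(xor_octets(cypher_a, cypher_b) == xor_octets(CLEAR_A, CLEAR_B))
```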
Cobb [Page 13]
Memo Microsoft PPP CHAP Extensions March 1997
Old NT Hash Encrypted with New NT Hash
This field contains the old Windows NT password hash encrypted
with the new Windows NT password hash, as output by the
OldNtPasswordHashEncryptedWithNewNtPasswordHash routine below:
OldNtPasswordHashEncryptedWithNewNtPasswordHash(
IN 0-to-256-unicode-char NewPassword,
IN 0-to-256-unicode-char OldPassword,
OUT 16-octet EncryptedPasswordHash )
{
NtPasswordHash(
OldPassword,
giving OldPasswordHash )
NtPasswordHash(
NewPassword,
giving NewPasswordHash )
PasswordHashEncryptedWithBlock(
OldPasswordHash,
NewPasswordHash,
giving EncryptedPasswordHash )
}
Password Encrypted with Old LM Hash
This field contains the PWBLOCK form of the new Windows NT
password encrypted with the old LAN Manager password hash, as
output by the NewPasswordEncryptedWithOldLmPasswordHash
routine below:
NewPasswordEncryptedWithOldLmPasswordHash(
IN 0-to-256-unicode-char NewPassword,
IN 0-to-256-unicode-char OldPassword,
OUT datatype-PWBLOCK EncryptedPwBlock )
{
LmPasswordHash(
OldPassword,
giving PasswordHash )
EncryptPwBlockWithPasswordHash(
NewPassword,
PasswordHash,
giving EncryptedPwBlock )
}
Old LM Hash Encrypted with New NT Hash
This field contains the old LAN Manager password hash encrypted
with the new Windows NT password hash, as output by the
OldLmPasswordHashEncryptedWithNewNtPasswordHash routine below:
OldLmPasswordHashEncryptedWithNewNtPasswordHash(
IN 0-to-256-unicode-char NewPassword,
IN 0-to-256-unicode-char OldPassword,
OUT 16-octet EncryptedPasswordHash )
{
LmPasswordHash(
OldPassword,
giving OldPasswordHash )
NtPasswordHash(
NewPassword,
giving NewPasswordHash )
PasswordHashEncryptedWithBlock(
OldPasswordHash,
NewPasswordHash,
giving EncryptedPasswordHash )
}
LAN Manager compatible challenge response
Windows NT compatible challenge response
The challenge response fields as described in the Response
packet description, but calculated on the new password and the
same challenge used in the last response.
Flags
Bit field of option flags:
0 : The "use Windows NT compatible challenge response"
flag as described in the Response packet.
1 : Set 1 indicates that the "Password Encrypted with
Old LM Hash" and "Old LM Hash Encrypted With New NT
Hash" fields are valid and should be used. Set 0
indicates these fields are not valid.
For the broadest possible interoperability,
implementations are encouraged to provide both the
Windows NT and LAN Manager fields when the password
is LAN Manager compatible. This is what Windows NT
does.
2-15 : Reserved, always set 0.
9. Negotiation Examples
Here are some examples of typical negotiations. The authenticatee
is on the left and the authenticator is on the right.
The packet sequence ID is incremented on each authentication retry
Response and on the change password response. All cases where the
packet sequence ID is updated are noted below.
Response retry is never allowed after either Change Password.
Change Password may occur after Response retry. The implied
challenge form is shown in the examples, though all cases of
"first challenge+23" should be replaced by the
"C=cccccccccccccccc" challenge if authenticator supplies it in the
Failure packet.

Successful authentication

        <- Challenge
    Response ->
        <- Success

Failed authentication with no retry allowed

        <- Challenge
    Response ->
        <- Failure (E=691 R=0)

Successful authentication after retry

        <- Challenge
    Response ->
        <- Failure (E=691 R=1), disable short timeout
    Response (++ID) to first challenge+23 ->
        <- Success

Failed hack attack with 3 attempts allowed

        <- Challenge
    Response ->
        <- Failure (E=691 R=1), disable short timeout
    Response (++ID) to first challenge+23 ->
        <- Failure (E=691 R=1), disable short timeout
    Response (++ID) to first challenge+23+23 ->
        <- Failure (E=691 R=0)

Successful authentication with password change

        <- Challenge
    Response ->
        <- Failure (E=648 R=0), disable short timeout
    ChangePassword (++ID) to first challenge ->
        <- Success

Successful authentication with retry and password change

        <- Challenge
    Response ->
        <- Failure (E=691 R=1), disable short timeout
    Response (++ID) to first challenge+23 ->
        <- Failure (E=648 R=0), disable short timeout
    ChangePassword (++ID) to first challenge+23 ->
        <- Success

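
The sequencing rules of this section expressed as a trace checker, as an added Python example (not part of the original memo). The (kind, fields) packet model, the field names and the sample traces are constructed; the rule that Change Password follows E=648 is inferred from the examples above, where it never follows any other error.

```python
def check_exchange(trace):
    """Return the rule violations found in one MS-CHAP exchange."""
    problems = []
    prev_id = None     # ID of the authenticatee's previous packet
    failure = None     # fields of the most recent Failure packet
    changed = False    # True once a Change Password has been sent
    for pos, (kind, fields) in enumerate(trace):
        if kind == "Failure":
            failure = fields
        elif kind in ("Response", "ChangePassword"):
            if failure is not None and prev_id is not None:
                # Retry Responses and Change Password both carry ++ID
                # (the PPP Identifier is one octet, so it wraps at 256).
                if fields["id"] != (prev_id + 1) % 256:
                    problems.append(f"packet {pos}: ID not incremented")
            if kind == "Response":
                if changed:
                    problems.append(f"packet {pos}: Response after Change Password")
                elif failure is not None and failure["R"] != 1:
                    problems.append(f"packet {pos}: retry although R=0")
            elif failure is None or failure["E"] != 648:
                problems.append(f"packet {pos}: Change Password without E=648")
            changed = changed or kind == "ChangePassword"
            prev_id = fields["id"]
    return problems


# Constructed traces. The first mirrors "Successful authentication with
# retry and password change"; the other two each break a rule.
RETRY_THEN_CHANGE = [
    ("Challenge", {"id": 7}), ("Response", {"id": 7}),
    ("Failure", {"E": 691, "R": 1}), ("Response", {"id": 8}),
    ("Failure", {"E": 648, "R": 0}), ("ChangePassword", {"id": 9}),
    ("Success", {}),
]
RETRY_DESPITE_R0 = [
    ("Challenge", {"id": 1}), ("Response", {"id": 1}),
    ("Failure", {"E": 691, "R": 0}), ("Response", {"id": 1}),
]
RESPONSE_AFTER_CHANGE = [
    ("Challenge", {"id": 1}), ("Response", {"id": 1}),
    ("Failure", {"E": 648, "R": 0}), ("ChangePassword", {"id": 2}),
    ("Failure", {"E": 691, "R": 1}), ("Response", {"id": 3}),
]

if __name__ == "__main__":
    for trace in (RETRY_THEN_CHANGE, RETRY_DESPITE_R0, RESPONSE_AFTER_CHANGE):
        print(check_exchange(trace))
```

An authenticator can apply the same checks per session to reject out-of-sequence packets and to cap the number of guesses at the count it advertised through R.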
10. Hash Example
Intermediate values for password "MyPw".
8-octet Challenge:
10 2D B5 DF 08 5D 30 41
0-to-14-oem-char LmPassword:
4D 59 50 57
16-octet LmPasswordHash:
75 BA 30 19 8E 6D 19 75 AA D3 B4 35 B5 14 04 EE
24-octet LmChallengeResponse:
91 88 1D 01 52 AB 0C 33 C5 24 13 5E C2 4A 95 EE
64 E2 3C DC 2D 33 34 7D
0-to-256-unicode-char NtPassword:
4D 00 79 00 50 00 77 00
16-octet NtPasswordHash:
FC 15 6A F7 ED CD 6C 0E DD E3 33 7D 42 7F 4E AC
24-octet NtChallengeResponse:
4E 9D 3C 8F 9C FD 38 5D 5B F4 D3 24 67 91 95 6C
A4 C3 51 AB 40 9A 3D 61
REFERENCES
[1] Simpson, W., "The Point-to-Point Protocol (PPP)", RFC 1331,
Daydreamer, May 1992
[2] Lloyd, B. and Simpson, W., "PPP Authentication Protocols",
RFC 1334, L&A and Daydreamer respectively, October 1992
[3] "Data Encryption Standard (DES)" is Federal Information
Processing Standard publication 46, National Institute of
Standards and Technology.
[4] Rivest, R., "MD4 Message Digest Algorithm", RFC 1320, MIT
Laboratory for Computer Science and RSA Data Security, Inc.,
April 1992.
[5] RC4 is an encryption standard available from RSA Data Security
Inc.
[6] The 8-octet StdText string used in the LAN Manager compatible
password hashing and the 8-octet KeyValue used in the Change
Password (version 1) packet are not available for public
distribution at this time. Contact the Microsoft Developer
Relations group (at time of writing dbeaver@microsoft.com) for
details on obtaining these values. On this particular point
the author can't help you.
CHAIR'S ADDRESS
The working group can be contacted via the current chair:
Fred Baker
Email: fred@cisco.com
AUTHOR'S ADDRESS
The author is a developer in Microsoft's Windows NT
Internetworking group, which monitors the ietf-ppp@merit.edu
discussions. Questions can also be directed as below, where email
is preferred.
Steve Cobb
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
Email: stevec@microsoft.com
The author maintains an informal mailing list of persons
interested in MS-CHAP and other news regarding Windows NT support
for PPP authentication protocols. Send email if interested.