Re: [PAM] PPP and PAM

Wil,

On Tue, 13 Feb 2001, Wil Cooley wrote:

> > The idea that CHAP is more secure than PAP is a laughable one, which
> > unfortunately has received a good deal of encouragement from such
> > parties as Microsoft.  CHAP unavoidably requires keeping a centralized
> > archive of all passwords in plaintext on the server.  Given that most
> > PPP connections are not sniffable from the Internet, and given that
> > most PPP *servers* /can/ be attacked from the Internet, it is almost
> > always preferable to send cleartext-equivalent passwords on the wire and
> > store one-way hashed passwords on the server, not the other way around.

> I have to disagree here, and I've only recently found reason to.  In a
> lot of configurations nowadays, large ISP with lots of RASes like UUNet,
> MegaPop, etc, sell dial-in to smaller regional ISPs, and use proxy RADIUS
> to accomplish this.  If I understand CHAP correctly (and I'm sure someone
> will tell me if I'm wrong), the challenge happens between the RAS and
> end RADIUS server--so the password will never pass through the proxy
> RADIUS servers and the Internet in clear text.  That said, I've never
> used CHAP and haven't read much about it.  I could also be wrong about
> the nature of communication between RADIUS servers; I haven't read up
> on the RADIUS protocol.

Yes, CHAP is end-to-end, and this does guarantee that no one doing radius
proxy for you will ever see your users' passwords.  And by definition, in a
radius proxy scenario the only shared secrets are between client and proxy
and proxy and server, so without CHAP, the proxy in the middle does have
access to the plaintext password.  That's one downside to PAP that has to be
taken into consideration when looking for a solution, but weighed against the
dangers of keeping all my users' passwords in plaintext on the server, in that
situation I'd be asking myself whether I wanted to be sending my users through
a radius proxy that I couldn't trust.

If you use RADIUS + PAP, and your RADIUS server is compromised, you only have
to replace one password (the shared client-server secret) and possibly
whatever passwords were sniffed out of the RADIUS traffic by the attacker
during the course of the compromise.

If you use RADIUS + CHAP, and your RADIUS server is compromised, you're
totally screwed because there's a plaintext file sitting on your server
somewhere that contains ALL the passwords for ALL your users.

So I stand by the statement that it is *almost* always preferable to use PAP
instead of CHAP. :)

Steve Langasek
postmodern programmer
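The storage trade-off argued above, as an added illustration that is not part of the original thread: CHAP verification recomputes the client's MD5 over Identifier || secret || challenge (the response format defined by RFC 1994), so the server's user database has to hold the secret itself, while a PAP server receives the password on the wire and can compare it against a salted one-way hash. The PBKDF2 scheme on the PAP side and the user names and secrets are assumptions for the example; the post does not specify them.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# CHAP Identifier is an 8-bit packet field; this value is constructed for the example.
CHAP_ID = 0x2A
# PBKDF2 work factor for the PAP side; a hypothetical choice, not from the post.
PBKDF2_ROUNDS = 100_000


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side of RFC 1994 CHAP: MD5 over Identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(stored_value: bytes, identifier: int,
                challenge: bytes, response: bytes) -> bool:
    """Server side of CHAP.

    The only check the server can do is recompute the client's MD5, and that
    needs the secret itself as input.  Give it a one-way hash of the secret
    instead and every genuine login fails, which is why a CHAP server's user
    database is necessarily plaintext (the point the post makes).
    """
    expected = chap_response(identifier, stored_value, challenge)
    return hmac.compare_digest(expected, response)


def one_way_hash(secret: bytes) -> bytes:
    """What a server would like to store instead of the secret; useless for CHAP."""
    return hashlib.sha256(secret).digest()


def chap_login(user_db: Dict[str, bytes], user: str, client_secret: bytes,
               challenge: Optional[bytes] = None) -> Tuple[bool, Dict[str, bytes]]:
    """One CHAP exchange; returns the verdict and the two values a RADIUS proxy
    in the middle would see (neither of them is the password)."""
    if challenge is None:
        challenge = os.urandom(16)          # fresh challenge per login
    response = chap_response(CHAP_ID, client_secret, challenge)
    ok = chap_verify(user_db[user], CHAP_ID, challenge, response)
    return ok, {"challenge": challenge, "response": response}


def pap_enroll(password: bytes, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a PAP password as (salt, one-way hash); the cleartext is discarded."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    return salt, digest


def pap_verify(record: Tuple[bytes, bytes], password: bytes) -> bool:
    """Server side of PAP: the password arrives on the wire (a proxy sees it)
    and is hashed for comparison against the stored record."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    secret = b"correct-horse"               # constructed user secret
    chap_db = {"alice": secret}             # CHAP: plaintext on the server
    pap_db = {"alice": pap_enroll(secret)}  # PAP: salted hash on the server
    print("CHAP login:", chap_login(chap_db, "alice", secret)[0])
    print("PAP login: ", pap_verify(pap_db["alice"], secret))
    print("CHAP with hashed db:", chap_login({"alice": one_way_hash(secret)}, "alice", secret)[0])
```

Both halves of the thread's argument show up in the return values: `chap_login` never puts the secret on the wire, which is what the proxy-RADIUS objection relies on, and `chap_verify` fails as soon as the server holds anything but the secret, which is the exposure the reply describes when the server itself is compromised.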
