Re: [radext] Security of MS-CHAP

Alan DeKok <> Wed, 30 August 2023 14:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8E3BCC15153F for <>; Wed, 30 Aug 2023 07:34:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0lb9FvQIV-rX for <>; Wed, 30 Aug 2023 07:34:04 -0700 (PDT)
Received: from ( []) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 7BEA3C14CE39 for <>; Wed, 30 Aug 2023 07:34:04 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTPSA id 227C7268; Wed, 30 Aug 2023 14:34:00 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.\))
From: Alan DeKok <>
In-Reply-To: <19357.1693405237@localhost>
Date: Wed, 30 Aug 2023 10:33:59 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <19357.1693405237@localhost>
To: Michael Richardson <>
X-Mailer: Apple Mail (2.3696.
Archived-At: <>
Subject: Re: [radext] Security of MS-CHAP
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Aug 2023 14:34:06 -0000

On Aug 30, 2023, at 10:20 AM, Michael Richardson <> wrote:
>  If your password is common enough to be typable, then it's compromised.

  For public MS-CHAP.  Or for supplicants which don't validate the server certificate.

  PAP is somewhat stronger, surprisingly enough.  That's due to the obfuscation of the User-Password.

> So you might as well use a client-side certificate in the future :-)

  That is generally a preferred approach.

  If we really cared abut "fixing" MS-CHAP, we could just define attributes which transported the MS-CHAP data in new attributes which were then obfuscated as per User-Password.  If a proxy knows that the link is insecure, it could re-encode the data for that link.

  But I suspect that way lies madness.  The better approach is to give up on 1993-level security, and just use TLS.

  Alan DeKok.