Re: [radext] Security of MS-CHAP

Alan DeKok <aland@deployingradius.com> Wed, 30 August 2023 14:34 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E3BCC15153F for <radext@ietfa.amsl.com>; Wed, 30 Aug 2023 07:34:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0lb9FvQIV-rX for <radext@ietfa.amsl.com>; Wed, 30 Aug 2023 07:34:04 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BEA3C14CE39 for <radext@ietf.org>; Wed, 30 Aug 2023 07:34:04 -0700 (PDT)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id 227C7268; Wed, 30 Aug 2023 14:34:00 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <19357.1693405237@localhost>
Date: Wed, 30 Aug 2023 10:33:59 -0400
Cc: radext@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2B947B48-E59E-4EB5-A541-6FF74F722F37@deployingradius.com>
References: <530B7883-826D-40F0-8948-09443C12021B@deployingradius.com> <19357.1693405237@localhost>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/2loVNg3PbSSfQzsZHxglmCRjrmI>
Subject: Re: [radext] Security of MS-CHAP
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2023 14:34:06 -0000

On Aug 30, 2023, at 10:20 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>  If your password is common enough to be typable, then it's compromised.

  For public MS-CHAP.  Or for supplicants which don't validate the server certificate.

  PAP is somewhat stronger, surprisingly enough.  That's due to the obfuscation of the User-Password.

> So you might as well use a client-side certificate in the future :-)

  That is generally a preferred approach.

  If we really cared abut "fixing" MS-CHAP, we could just define attributes which transported the MS-CHAP data in new attributes which were then obfuscated as per User-Password.  If a proxy knows that the link is insecure, it could re-encode the data for that link.

  But I suspect that way lies madness.  The better approach is to give up on 1993-level security, and just use TLS.

  Alan DeKok.