Re: [radext] Security of MS-CHAP

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 30 August 2023 14:20 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: radext@ietfa.amsl.com
Delivered-To: radext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F1CF0C15153F for <radext@ietfa.amsl.com>; Wed, 30 Aug 2023 07:20:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.406
X-Spam-Level:
X-Spam-Status: No, score=-4.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RwQ_3Tom65Ff for <radext@ietfa.amsl.com>; Wed, 30 Aug 2023 07:20:40 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8E60C14F75F for <radext@ietf.org>; Wed, 30 Aug 2023 07:20:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 563EF3898E; Wed, 30 Aug 2023 10:20:38 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id sCHq-LO-TO1o; Wed, 30 Aug 2023 10:20:37 -0400 (EDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:812:88ff:fe79:302e]) by tuna.sandelman.ca (Postfix) with ESMTP id AF5153898D; Wed, 30 Aug 2023 10:20:37 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1693405237; bh=t1vZQOWsX1klqItCm6e0DbngfFpbLhmEr+NGDE1c46Q=; h=From:To:Subject:In-Reply-To:References:Date:From; b=wDZ5c/f6rPTq4bitdrUSTs6aa4hmzcvui9tCkJD1UVXrKXYvDw702XsIFf31VrCyW Rf97WnRmEja71dnBbVyJqn5Xq5Mjd5k7TXZ85/EMco/8+QM8VmFGZbGV5PnbdnhdFE JoUxWphPcNbTZXIkUI1uIJwXFoFq/241cnn0RiB2PRdojOepvZ2cOEASYd/I4MBDFo 7u+akC0fE91AfhfynAqPO8Hx3us4wp3GzHlecdhc5DVwqR/J05ojB2fTRL1mbLHL66 XMAenJXCKpgEsJfNxFIGbFa+rTBWuGZHYW8iECvEpqcFUpyHEgqWJQKuEZSf6pzKHN jZE33IDRM7xJw==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id AB65F53F; Wed, 30 Aug 2023 10:20:37 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Alan DeKok <aland@deployingradius.com>, radext@ietf.org
In-Reply-To: <530B7883-826D-40F0-8948-09443C12021B@deployingradius.com>
References: <530B7883-826D-40F0-8948-09443C12021B@deployingradius.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 30 Aug 2023 10:20:37 -0400
Message-ID: <19357.1693405237@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/6Ukm42lXruPhJaHViYeLSeDs6DU>
Subject: Re: [radext] Security of MS-CHAP
X-BeenThere: radext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/radext>, <mailto:radext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/radext/>
List-Post: <mailto:radext@ietf.org>
List-Help: <mailto:radext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/radext>, <mailto:radext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2023 14:20:45 -0000

Alan DeKok <aland@deployingradius.com> wrote:
    >   Strong passwords still need to be brute forced, as they won't appear
    > in the database.  But for common passwords. the construction of MS-CHAP
    > means that there are attacks which are 5 orders of magnitude faster
    > than brute force.

My take home:
  If your password is common enough to be typable, then it's compromised.

So you might as well use a client-side certificate in the future :-)

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide