Authentication methods

There are a number of PPP authentication protocols that are supported by the RADIUS protocol. Each protocol has advantages and disadvantages in terms of security, usability, and breadth of support. The protocol used will be determined by the configuration of the NAS device. Consult your NAS documentation if you are configuring a dial-up network, or consult your Internet service srovider if you are using an ISP for dial-up access to your LAN. The following is a summary of the authentication protocols currently supported by IAS.

Password Authentication Protocol (PAP)

The Password Authentication Protocol (PAP) simply passes a password as a string from the end user’s computer to the NAS device. When the NAS forwards the password, it is encrypted using the RADIUS shared secret as an encryption key. PAP is the most flexible protocol because passing a plaintext password to the authentication server enables that server to compare the password with nearly any storage format. For example, UNIX passwords are stored as one-way encrypted strings that cannot be decrypted. PAP passwords can be compared to these strings by reproducing the encryption method.

Because it uses a plaintext version of the password, PAP has a number of security vulnerabilities. Although the RADIUS protocol encrypts the password for transmission over the Internet, it is transmitted “in the clear” across the dial-up connection and decrypted at the RADIUS proxy and RADIUS server.

Challenge Handshake Authentication Protocol (CHAP)

Challenge Handshake Authentication Protocol (CHAP) is designed to address the concern of passing passwords in clear text. In CHAP the NAS sends a random number challenge to the end user’s computer which is then one-way encrypted (hashed) with the user’s password. The client computer then sends this hash as a response to the NAS challenge and the NAS forwards both challenge and response by means of the RADIUS protocol.

When the authenticating server receives the RADIUS packet, it uses the challenge and the user’s password to create its own version of the response. If the server’s calculation matches the response supplied by the user’s computer, the access request is accepted.

CHAP alleviates the concern of transmitting a plaintext password over the Internet because the hashed version of the password and challenge cannot be decrypted. CHAP responses cannot be reused because NAS devices send a unique challenge each time a client computer connects to them. Because the algorithm for calculating CHAP responses is well known, it is very important that CHAP passwords be carefully chosen and sufficiently long. CHAP passwords that are common words or names are vulnerable to dictionary attacks if they can be discovered by calculating responses to the CHAP challenge with every entry in a dictionary. Passwords that are not sufficiently long can be discovered by brute force by simply calculating the CHAP response to sequential trials until a match to the user’s response is found.

CHAP is the most common dial-up authentication protocol used but not all authentication servers support it. When the server does not store the same password that was used to calculate the CHAP response, it cannot calculate an equivalent response. Since standard CHAP clients use the plaintext version of the password to create the CHAP challenge response, plaintext passwords are necessary on the server to calculate an equivalent response. For example, both Windows NT and UNIX servers store hashed values of user passwords and, therefore, cannot reproduce the plaintext password that the client computer used to create the challenge response.

Although the IAS server supports CHAP, a standard Windows NT domain controller cannot validate CHAP requests without support for storing reversibly encrypted passwords. This support will be available through an update to the Windows NT domain controller.

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

Microsoft CHAP is a variant of CHAP that does not require a plaintext version of the password on the authenticating server. In MS-CHAP the challenge response is calculated with a hashed version of the password and the NAS challenge. This enables authentication over the Internet to an unmodified Windows NT domain controller. MS-CHAP passwords are stored more securely at the server but have the same vulnerabilities to dictionary and brute force attacks as CHAP. When using MS-CHAP it is important to ensure that passwords are well chosen (not found in a standard dictionary) and long enough that they cannot be calculated readily. Many large customers require passwords to be at least six characters long with upper and lower case characters and at least one numeral.

Several of the largest NAS vendors are currently implementing MS-CHAP in their software, and Microsoft will work with them to ensure interoperability. Consult your NAS vendor’s documentation or ISP to see if they currently support MS-CHAP.


© 1997 by Microsoft Corporation. All rights reserved.