MS-CHAP v1

  • Article

The Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1) is an encrypted authentication mechanism very similar to CHAP. As in CHAP, the remote access server sends a challenge to the remote client that consists of a session ID and an arbitrary challenge string. The remote client must return the user name and a Message Digest 4 (MD4) hash of the challenge string, the session ID, and the MD4-hashed password.

One difference between CHAP and MS-CHAP v1 is that, in CHAP, the plaintext version of the password must be available to validate the challenge response. With MS-CHAP v1, the remote access server only requires the MD4 hash of the password to validate the challenge response. In Windows 2000, the user's password is stored as an MD4 hash and in a reversibly encrypted form. When CHAP is used, the remote access server decrypts the reversibly encrypted password to validate the remote access client's response.

MS-CHAP v1 authentication is an exchange of three messages:

  1. The remote access server sends an MS-CHAP Challenge message containing a session ID and an arbitrary challenge string.

  2. The remote access client returns an MS-CHAP Response message containing the user name in cleartext and a hash of the challenge string, session ID, and the MD4 hash of the client's password using the MD4 one-way hashing algorithm.

  3. The remote access server duplicates the hash and compares it to the hash in the MS-CHAP Response. If the hashes are the same, the remote access server sends back an MS-CHAP Success message. If the hashes are different, an MS-CHAP Failure message is sent.

The use of MS-CHAP v1 is negotiated during LCP negotiation by specifying the authentication protocol LCP option (type 3), the authentication protocol 0xC2-23, and the algorithm 0x80. Once LCP negotiation is complete, MS-CHAP v1 messages use the PPP protocol ID of 0xC2-23.

MS-CHAP v1 also allows for error codes including a "password expired" code and password changes. MS-CHAP v1 protects against replay attacks by using an arbitrary challenge string per authentication attempt. MS-CHAP v1 does not provide protection against remote server impersonation.

If MS-CHAP v1 is used as the authentication protocol and MPPE is negotiated, then shared secret encryption keys are generated by each PPP peer. MS-CHAP v1 also provides a set of messages that allows a user to change their password during the user authentication process.