check MSCHAPV2 authenticator response

Jouni Malinen jkmaline at cc.hut.fi
Thu Aug 10 23:03:59 EDT 2006


On Thu, Aug 10, 2006 at 01:37:58PM -0700, Andrew wrote:
> For the MSChapV2 protocol the Authenticator Response is 42 bit,
> according to RFC 2759, Sect. 8.7.

Please take a closer look at how the response is encoded. The digest is
calculated using SHA-1, which uses a 160-bit (20-byte) hash value. Encoding
converts this to a hex string (2 characters per 8 bits of data). With
the added S= prefix, this is a total of 42 characters.

> What is the reason, in file eap_mschapv2.c, eap_ttls.c, only 20 bits
> are checked?
> in line
>             memcmp(data->auth_response, recv_response, 20) != 0)

Because the real response data is only 20 bytes long (160-bit SHA-1 hash
value).

-- 
Jouni Malinen                                            PGP id EFC895FA
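
The encoding discussed in the message above, as an added example that is not part of the original post or of the hostap sources: it decodes the 42-character "S=" string into the 20-byte SHA-1 value and then compares those 20 bytes, as the quoted memcmp() call does. The function names, the acceptance of lower-case hex digits and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define AUTH_RESP_BIN_LEN 20                          /* SHA-1 digest: 160 bits */
#define AUTH_RESP_STR_LEN (2 + 2 * AUTH_RESP_BIN_LEN) /* "S=" + 40 hex = 42 chars */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10; /* assumption: tolerate lower case */
    return -1;
}

/* Decode "S=<40 hex digits>" into 20 raw bytes; 0 on success, -1 if malformed. */
int parse_auth_response(const char *s, size_t len, uint8_t out[AUTH_RESP_BIN_LEN])
{
    size_t i;
    if (len < AUTH_RESP_STR_LEN || s[0] != 'S' || s[1] != '=')
        return -1;
    for (i = 0; i < AUTH_RESP_BIN_LEN; i++) {
        int hi = hex_val(s[2 + 2 * i]);
        int lo = hex_val(s[3 + 2 * i]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

/* 1 if the received string carries the locally computed digest, else 0. */
int auth_response_ok(const uint8_t expected[AUTH_RESP_BIN_LEN], const char *s, size_t len)
{
    uint8_t recv_response[AUTH_RESP_BIN_LEN];
    if (parse_auth_response(s, len, recv_response) != 0)
        return 0;
    return memcmp(expected, recv_response, AUTH_RESP_BIN_LEN) == 0;
}

int main(void)
{
    /* Constructed sample values, not a real MSCHAPv2 exchange. */
    static const uint8_t expected[AUTH_RESP_BIN_LEN] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19};
    const char *msg = "S=000102030405060708090A0B0C0D0E0F10111213 M=ok";
    return auth_response_ok(expected, msg, strlen(msg)) ? 0 : 1;
}
```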


