(RADIATOR) Crypto EPPwdHash

Mike McCauley mikem at open.com.au
Sat Jan 15 16:36:18 CST 2005 

Hard to find exact data, but I think this describes the algorithm:

Use the ASN.1 encoder to encode  Password, the timestamp, and the alias
 alone. Perform an MD5 Hash on the ASN.1 encoded buffer. This results in a
 16-byte Hash

see also
http://cvs.sourceforge.net/viewcvs.py/openh323/openh323/src/h235auth.cxx?rev=1.28&view=markup

Cheers.

On Saturday 15 January 2005 22:38, Pavel A Crasotin wrote:
> Hello all.
>
> We are trying authenticate VoIP user on our gatekeeper using
> RADIATOR and Oracle DB as backend. Logins and passwords of voip users
> are stored as clear text.
>
> But we have problems. Voip terminal sends login and password to GK as
> cryptoEPPwdHash:
>     cryptoTokens = 1 entries {
>       [0]=cryptoEPPwdHash {
>         alias = h323_ID  5 characters {
>           0074 0065 0073 0074 0031                  test1
>         }
>         timeStamp = 1103778935
>         token = {
>           algorithmOID = 1.2.840.113549.2.5
>           paramS = {
>           }
>           hash = Hex:  b6 5f e7 0d d2 2e c9 18  88 4f e3 aa 54 e7 22 31
>         }
>       }
>     }
>
> GK translates this data to radius server and in RADIATOR debug I see:
>
> Code:       Access-Request
> Identifier: 30
> Authentic:  R;<154>w<30><0>k'<153>0<0> <16><154><244>$
> Attributes:
>         User-Name = "test1"
>         NAS-IP-Address = 127.0.0.1
>         NAS-Port-Type = Async
>         Service-Type = Login-User
>         cisco-avpair =
> "xpgk-md5-auth=test1/1103778935/b65fe70dd22ec918884fe3aa54e72231"
> cisco-avpair = "xpgk-request-type=user"
>
>
> Can anyone help me and explain how can I authenticate these devices?
> What should I do to compare hash and password?
>
> As GK we use MVTS if it helps...
>
> Thanks in advance.
>
> --
> With respect,
> Pavel A Crasotin
> OJSC SeverTransCom
> Tel: +7 (0852) 58-41-03, 58-01-01
> Fax: +7 (0852) 58-01-01
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list