(RADIATOR) Crypto EPPwdHash

Pavel A Crasotin pavel at ctk.ru
Mon Jan 17 23:50:52 CST 2005


Hello Mike.

Thank you for the advice.
I have written a small C++ program to restore the MD5 hash using the login, the password
from the DB, and the timestamp.

Do you plan to implement this authentication method in RADIATOR? :)


MM> Hard to find exact data, but I think this describes the algorithm:

MM> Use the ASN.1 encoder to encode  Password, the timestamp, and the alias
MM>  alone. Perform an MD5 Hash on the ASN.1 encoded buffer. This results in a
MM>  16-byte Hash

MM> see also
MM> http://cvs.sourceforge.net/viewcvs.py/openh323/openh323/src/h235auth.cxx?rev=1.28&view=markup

MM> Cheers.

MM> On Saturday 15 January 2005 22:38, Pavel A Crasotin wrote:
>> Hello all.
>>
>> We are trying to authenticate VoIP users on our gatekeeper using
>> RADIATOR and Oracle DB as backend. Logins and passwords of voip users
>> are stored as clear text.
>>
>> But we have problems. Voip terminal sends login and password to GK as
>> cryptoEPPwdHash:
>>     cryptoTokens = 1 entries {
>>       [0]=cryptoEPPwdHash {
>>         alias = h323_ID  5 characters {
>>           0074 0065 0073 0074 0031                  test1
>>         }
>>         timeStamp = 1103778935
>>         token = {
>>           algorithmOID = 1.2.840.113549.2.5
>>           paramS = {
>>           }
>>           hash = Hex:  b6 5f e7 0d d2 2e c9 18  88 4f e3 aa 54 e7 22 31
>>         }
>>       }
>>     }
>>
>> GK translates this data to radius server and in RADIATOR debug I see:
>>
>> Code:       Access-Request
>> Identifier: 30
>> Authentic:  R;<154>w<30><0>k'<153>0<0> <16><154><244>$
>> Attributes:
>>         User-Name = "test1"
>>         NAS-IP-Address = 127.0.0.1
>>         NAS-Port-Type = Async
>>         Service-Type = Login-User
>>         cisco-avpair = "xpgk-md5-auth=test1/1103778935/b65fe70dd22ec918884fe3aa54e72231"
>>         cisco-avpair = "xpgk-request-type=user"
>>
>>
>> Can anyone help me and explain how can I authenticate these devices?
>> What should I do to compare hash and password?
>>
>> As GK we use MVTS if it helps...
>>
>> Thanks in advance.
>>
>> --
>> With respect,
>> Pavel A Crasotin
>> OJSC SeverTransCom
>> Tel: +7 (0852) 58-41-03, 58-01-01
>> Fax: +7 (0852) 58-01-01
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.



--
With respect,
Pavel A Crasotin
OJSC SeverTransCom
Tel: +7 (0852) 58-41-03, 58-01-01
Fax: +7 (0852) 58-01-01
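
A sketch of the check discussed in this thread, added here as an example (not code from the thread, Radiator or OpenH323): rebuild the PER-encoded ClearToken from the stored clear-text password, MD5 it, and compare the result with the hash carried in the `xpgk-md5-auth` avpair. Assumptions: the byte layout follows X.691 aligned PER for an H.235 ClearToken with tokenOID 0.0, and strings carry a trailing NUL as OpenH323 does (switchable with `add_nul`). All function names are hypothetical, and the layout should be confirmed against a token whose password is known.

```python
import hashlib
import hmac
import re

AVPAIR_RE = re.compile(r"^xpgk-md5-auth=([^/]+)/(\d+)/([0-9a-fA-F]{32})$")

def _bmp(text, add_nul):
    """PER BMPString (SIZE 1..128): 7-bit (length-1), one pad bit, UCS-2 big-endian."""
    chars = text + ("\x00" if add_nul else "")
    if not 1 <= len(chars) <= 128 or any(ord(c) > 0xFFFF for c in chars):
        raise ValueError("BMPString must hold 1..128 BMP characters")
    return bytes([(len(chars) - 1) << 1]) + chars.encode("utf-16-be")

def encode_clear_token(alias, password, timestamp, add_nul=True):
    """Assumed aligned-PER ClearToken {tokenOID 0.0, timeStamp, password, generalID}."""
    # Any epoch time after mid-1970 needs all four value octets; reject the rest.
    if not (1 << 24) < timestamp <= 0xFFFFFFFF:
        raise ValueError("timestamp outside the 4-octet range handled here")
    out = b"\x61\x00"   # extension bit 0 + optional-field bitmap 11000010, then padding
    out += b"\x01\x00"  # tokenOID: length 1, contents of OID 0.0
    out += b"\xc0" + (timestamp - 1).to_bytes(4, "big")  # 4 octets of (value - lower bound)
    return out + _bmp(password, add_nul) + _bmp(alias, add_nul)

def expected_hash(alias, password, timestamp, add_nul=True):
    """Hex MD5 of the encoded ClearToken."""
    return hashlib.md5(encode_clear_token(alias, password, timestamp, add_nul)).hexdigest()

def verify_avpair(avpair, lookup_password, add_nul=True):
    """True if the avpair's hash matches the stored clear-text password."""
    m = AVPAIR_RE.match(avpair)
    if not m:
        return False
    alias, ts, received = m.group(1), int(m.group(2)), m.group(3).lower()
    password = lookup_password(alias)
    if password is None:
        return False
    try:
        computed = expected_hash(alias, password, ts, add_nul)
    except ValueError:
        return False
    return hmac.compare_digest(computed, received)  # constant-time comparison

# avpair copied from the debug output in the thread; the password table is constructed
PAGE_AVPAIR = "xpgk-md5-auth=test1/1103778935/b65fe70dd22ec918884fe3aa54e72231"
CONSTRUCTED_DB = {"test1": "constructed-password"}
```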

