(RADIATOR) Crypto EPPwdHash

Mike McCauley mikem at open.com.au
Tue Jan 18 00:15:57 CST 2005


Hello Pavel,

On Tuesday 18 January 2005 15:50, Pavel A Crasotin wrote:
> Hello Mike.
>
> Thank you for the advice.
> I have written a small C++ program to restore the MD5 hash using the login,
> password from the DB and timestamp.
>
> Do you plan to implement this authentication method in RADIATOR? :)

We would consider it if you can confirm the algorithm and provide some test 
data (password, username hash etc).

Cheers.

>
>
> MM> Hard to find exact data, but I think this describes the algorithm:
>
> MM> Use the ASN.1 encoder to encode  Password, the timestamp, and the alias
> MM>  alone. Perform an MD5 Hash on the ASN.1 encoded buffer. This results
> MM>  in a 16-byte Hash
>
> MM> see also
> MM>
> MM> http://cvs.sourceforge.net/viewcvs.py/openh323/openh323/src/h235auth.cxx?rev=1.28&view=markup
>
> MM> Cheers.
>
> MM> On Saturday 15 January 2005 22:38, Pavel A Crasotin wrote:
> >> Hello all.
> >>
> >> We are trying to authenticate VoIP users on our gatekeeper using
> >> RADIATOR and an Oracle DB as backend. Logins and passwords of VoIP users
> >> are stored as clear text.
> >>
> >> But we have problems. The VoIP terminal sends the login and password to
> >> the GK as cryptoEPPwdHash:
> >>     cryptoTokens = 1 entries {
> >>       [0]=cryptoEPPwdHash {
> >>         alias = h323_ID  5 characters {
> >>           0074 0065 0073 0074 0031                  test1
> >>         }
> >>         timeStamp = 1103778935
> >>         token = {
> >>           algorithmOID = 1.2.840.113549.2.5
> >>           paramS = {
> >>           }
> >>           hash = Hex:  b6 5f e7 0d d2 2e c9 18  88 4f e3 aa 54 e7 22 31
> >>         }
> >>       }
> >>     }
> >>
> >> The GK translates this data to the RADIUS server, and in the RADIATOR debug I see:
> >>
> >> Code:       Access-Request
> >> Identifier: 30
> >> Authentic:  R;<154>w<30><0>k'<153>0<0> <16><154><244>$
> >> Attributes:
> >>         User-Name = "test1"
> >>         NAS-IP-Address = 127.0.0.1
> >>         NAS-Port-Type = Async
> >>         Service-Type = Login-User
> >>         cisco-avpair = "xpgk-md5-auth=test1/1103778935/b65fe70dd22ec918884fe3aa54e72231"
> >>         cisco-avpair = "xpgk-request-type=user"
> >>
> >>
> >> Can anyone help me and explain how I can authenticate these devices?
> >> What should I do to compare the hash and password?
> >>
> >> As GK we use MVTS if it helps...
> >>
> >> Thanks in advance.
> >>
> >> --
> >> With respect,
> >> Pavel A Crasotin
> >> OJSC SeverTransCom
> >> Tel: +7 (0852) 58-41-03, 58-01-01
> >> Fax: +7 (0852) 58-01-01
> >>
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
>
> --
> With respect,
> Pavel A Crasotin
> OJSC SeverTransCom
> Tel: +7 (0852) 58-41-03, 58-01-01
> Fax: +7 (0852) 58-01-01

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
