(RADIATOR) Crypto EPPwdHash
Mike McCauley
mikem at open.com.au
Tue Jan 18 00:15:57 CST 2005
Hello Pavel,
On Tuesday 18 January 2005 15:50, Pavel A Crasotin wrote:
> Hello Mike.
>
> Thank you for advice.
> I have write small C++ program to restore MD5 hash using login, password
> from DB and timestamp.
>
> Do you plan to implement this authentication method in RADIATOR? :)
We would consider it if you can confirm the algorithm and provide some test
data (password, username hash etc).
Cheers.
>
>
> MM> Hard to find exact data, but I think this describes the algorithm:
>
> MM> Use the ASN.1 encoder to encode Password, the timestamp, and the alias
> MM> alone. Perform an MD5 Hash on the ASN.1 encoded buffer. This results
> in a MM> 16-byte Hash
>
> MM> see also
> MM>
> http://cvs.sourceforge.net/viewcvs.py/openh323/openh323/src/h235auth.cxx?re
>v=1.28&view=markup
>
> MM> Cheers.
>
> MM> On Saturday 15 January 2005 22:38, Pavel A Crasotin wrote:
> >> Hello all.
> >>
> >> We are trying authenticate VoIP user on our gatekeeper using
> >> RADIATOR and Oracle DB as backend. Logins and passwords of voip users
> >> are stored as clear text.
> >>
> >> But we have problems. Voip terminal sends login and password to GK as
> >> cryptoEPPwdHash:
> >> cryptoTokens = 1 entries {
> >> [0]=cryptoEPPwdHash {
> >> alias = h323_ID 5 characters {
> >> 0074 0065 0073 0074 0031 test1
> >> }
> >> timeStamp = 1103778935
> >> token = {
> >> algorithmOID = 1.2.840.113549.2.5
> >> paramS = {
> >> }
> >> hash = Hex: b6 5f e7 0d d2 2e c9 18 88 4f e3 aa 54 e7 22 31
> >> }
> >> }
> >> }
> >>
> >> GK translates this data to radius server and in RADIATOR debug I see:
> >>
> >> Code: Access-Request
> >> Identifier: 30
> >> Authentic: R;<154>w<30><0>k'<153>0<0> <16><154><244>$
> >> Attributes:
> >> User-Name = "test1"
> >> NAS-IP-Address = 127.0.0.1
> >> NAS-Port-Type = Async
> >> Service-Type = Login-User
> >> cisco-avpair =
> >> "xpgk-md5-auth=test1/1103778935/b65fe70dd22ec918884fe3aa54e72231"
> >> cisco-avpair = "xpgk-request-type=user"
> >>
> >>
> >> Can anyone help me and explain how can I authenticate these devices?
> >> What should I do to compare hash and password?
> >>
> >> As GK we use MVTS if it helps...
> >>
> >> Thanks in advance.
> >>
> >> --
> >> With respect,
> >> Pavel A Crasotin
> >> OJSC SeverTransCom
> >> Tel: +7 (0852) 58-41-03, 58-01-01
> >> Fax: +7 (0852) 58-01-01
> >>
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
>
> --
> With respect,
> Pavel A Crasotin
> OJSC SeverTransCom
> Tel: +7 (0852) 58-41-03, 58-01-01
> Fax: +7 (0852) 58-01-01
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list