From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Sun Jul 24 2005 - 13:35:29 GMT-3
Just checked support site of IPexpert. They admit it is a bug on the
exercise.
Thanks any way
Gustavo
________________________________
From: Gustavo Novais
Sent: domingo, 24 de Julho de 2005 17:31
To: lab
Subject: user <user> secret <password> and CHAP doubt
Hello
I'm doing a lab on which the requirement is that we use CHAP
authentication, but on one of the involved routers the username for the
remote must be stored as such you shouldn't be able to decode the
password from the config.
This points me to user XXX secret pass, which encrypts the pass with
MD5.
The thing is, as stated on
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft
/121limit/121e/121e8/8e_md5.htm
CHAP doesn't "like" that we store the passwords as MD5, It needs them to
be on plain text so he can derive its own md5 challenge.
I can turn around the issue by simply not authenticating the remote
side, thus no need of local username, and then it can be whatever I
want. But I think this ugly...
this appeared on IPexpert challenge 26, ISDN question.
Any thoughts?
TIA
Gustavo
PS. I can also see what is the hash of the password and use the hash
instead of the password, and store it as plain text, but this would be
even uglier...
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3