Password encoding/decoding
Wichert Akkerman
wichert at wiggy.net
Mon Aug 10 09:27:38 UTC 2009
I have been debugging this a bit further. I have a test run with the
following settings:
UAM secret: tushaethaihahqui
challenge: 10a1803a58fea7778e65935fba955185
raw password: ABCDEFGHIJKLMNOPQRSTUVWXYZ
The PAP obfuscated password becomes:
4a8c7b9f70c02ae48da682f0438969c95a9c6b8f60d03af49db6c9bc0ec72699
chilli decodes that and after passing it on FreeRADIUS reports:
rlm_pap: login attempt with password "??U?"
if I try to decode using a simple decode.c I extracted from redir.c I
get the right password:
[fog;..ldout/devel/decode]-224> ./decode
10a1803a58fea7778e65935fba955185
4a8c7b9f70c02ae48da682f0438969c95a9c6b8f60d03af49db6c9bc0ec72699
tushaethaihahqui
ABCDEFGHIJKLMNOPQRSTUVWXYZ
as far as I can see my obfuscation code looks correct:
def ObfuscatePassword(challenge, password):
xorpad=challenge.decode("hex")
assert len(xorpad)==16
uamsecret=pylons.config.get("chilli.uamsecret", None)
if uamsecret:
xorpad=hashlib.md5(xorpad+uamsecret).digest()
while len(xorpad)<len(password):
xorpad+=xorpad
# NUL-pad the password to make it a multiple of the XOR-pad size
password+="\x00"*(len(xorpad)-len(password))
assert len(password)==len(xorpad)
result=[]
for i in range(len(password)):
result.append(chr(ord(password[i]) ^ ord(xorpad[i])))
result="".join(result)
return result.encode("hex")
Does anyone have an idea why this goes wrong?
On 8/3/09 14:12 , Wichert Akkerman wrote:
> I am wondering if something goes wrong in the password handling. I know
> something goes wrong on my end in the UAM<->Chilli communication which
> mangles passwords: if I sent ABCDEFGHIJKLMNOPQRSTUVWXYZ as password
> chilli decodes that to ABCDEFGHIJKLMNOPK<lots of binary>. But things go
> wrong on when that is sent to RADIUS as well. Here is the FreeRadius log
> output for the same request:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 56008, id=2,
> length=269
> Vendor-14559-Attr-8 = 0x312e302e3134
> User-Name = "wichert"
> User-Password = "U\004j,"
> NAS-IP-Address = 10.1.0.1
> Service-Type = Login-User
> Framed-IP-Address = 10.1.0.3
> Calling-Station-Id = "00-0C-29-27-79-83"
> Called-Station-Id = "00-0C-29-6C-0F-92"
> NAS-Identifier = "nas01"
> Acct-Session-Id = "4a76d33900000002"
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 2
> WISPr-Location-ID = "isocc=NL,cc=31,ac=020,network=Attingo,KLM_Lounge"
> WISPr-Location-Name = "KLM_Lounge"
> WISPr-Logoff-URL = "http://10.1.0.1:3990/logoff"
> Message-Authenticator = 0x4d6f776979e5711baf9ae428338e9bf7
> Login incorrect (rlm_pap: CLEAR TEXT password check failed):
> [wichert/U\004j,] (from client localhost port 2 cli 00-0C-29-27-79-83)
> WARNING: Unprintable characters in the password. Double-check the shared
> secret on the server and the NAS!
>
> which shows that my bad password has become even more corrupted.
>
> Wichert.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: decode.c
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090810/48c67077/attachment.txt>
More information about the Chilli
mailing list