From: | punk4 | ||
Date: | 16.09.05 10:37 | ||
Rating: |
From: | Cyberax | ||
Date: | 16.09.05 10:50 | ||
Rating: |
For user authentication, PPTP can use any of the protocols
used for PPP, including Extensible Authentication
Protocol (EAP), Microsoft Challenge Handshake Authentication Protocol
(MSCHAP) versions 1 and 2, Challenge Handshake Authentication Protocol
(CHAP), Shiva Password Authentication Protocol (SPAP), and Password
Authentication Protocol (PAP). MSCHAP version 2 and Transport Layer
Security (EAP-TLS) are considered the best, because they
provide mutual authentication, i.e. the VPN server and the client
identify each other. In all the other protocols only the server
authenticates clients.
So why didn't Microsoft just use CHAP with MD5 encryption then? CHAP
does not send the clear text password across the "wire". The answer is
that in order to use CHAP protocol, you need the clear text for the
password to be used with the encryption algorithm. You would need to
store this clear text on your disk file. (The pppd process stores it
in the /etc/ppp/chap-secrets file.) Storing a password in clear text
on the disk also violates the requirements for C2 registration.
From: | punk4 | ||
Date: | 16.09.05 11:12 | ||
Rating: |
C> So why didn't Microsoft just use CHAP with MD5 encryption then? CHAP
C> does not send the clear text password across the "wire". The answer is
C> that in order to use CHAP protocol, you need the clear text for the
C> password to be used with the encryption algorithm. You would need to
C> store this clear text on your disk file. (The pppd process stores it
C> in the /etc/ppp/chap-secrets file.) Storing a password in clear text
C> on the disk also violates the requirements for C2 registration.