Differences between MS-CHAP and MS-CHAP V2?

As far as I can see, v2 is just more secure than MS-CHAP as it's newer, but is there any real differences like one supports NT4 and one doesn't or anything like that?

Comments

  • PsoasmanPsoasman Member Posts: 2,687 ■■■■■■■■■□
    Basically MS-CHAP v2 is more secure, it provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving.
    MS-CHAP v2, the cryptographic key is always based on the user's password and a random challenge string. Each time it authenticates, a new string is used.
    MS-CHAP v1 was mainly used in windows 2000 and only provided 1-way authentication, VISTA doesn't support it, as v2 is much more secure. It uses a 40-bit encryption key based on the user's password.
    You may need to use v1 for backwards compatibility with NT and but there aren't very many companies running NT anymore.
    You can find some good information about this on MS Technet. :D
  • mr2nutmr2nut Member Posts: 269
    So with MS-CHAP v1, only the Server requires authentication from the client, where as MS-CHAP v2, the client requires authentication from the Server and vice versa? Thanks for getting to the point. There's pages and pages of this stuff going into far too much detail. To me the important thing is, MS-CHAP for NT4 and 2k and MS-CHAP v2 for 2003/Vista +
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    mr2nut wrote:
    So with MS-CHAP v1, only the Server requires authentication from the client, where as MS-CHAP v2, the client requires authentication from the Server and vice versa?

    Yes. That's referred to as mutual authentication.
    mr2nut wrote:
    To me the important thing is, MS-CHAP for NT4 and 2k and MS-CHAP v2 for 2003/Vista +

    I believe MS-CHAPv2 is supported in 2000 as well.

    Nice post Psoasman!
  • mr2nutmr2nut Member Posts: 269
    It was a good post, direct and to the point explaining what you need to know rather than the endless pages of bumf you normally find on google icon_lol.gif
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    MSChapV2 is supported all the way back to Windows 95 but you had to install some networking pack to add support for VPN but there was no support for Dial Up. Any OS after that supported MSChapV2 completely.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • PsoasmanPsoasman Member Posts: 2,687 ■■■■■■■■■□
    Thanks for the feedback!
    I agree, there is way too much "filler" on some websites, especially Google, that it is hard to find what you are looking for sometimes. :D
Sign In or Register to comment.