CHAP Authentication

Hey guys !

I've got an issue with CHAP and it's blowing my mind .
First i'm not sure this is the right place to post that kind of question , and I would like to apologize to anyone offended .

I'm actually having 2 routers connected by a Serial interface.
The link is up/up , ping is OK , OSPF neighbors OK ! So everything is great

But i want to add CHAP authentication on that link .
Here is what I do :

encapsulation ppp
ppp authentication chap

then i add username of both router on both router

link is still operationnal but the prroblem is that passwords are type 7 and can be cracked easily.Does Chap send password for authentication in clear text ?

I have tried this :

username R1 secret 0 cisco
username R2 secret 0 cisco

now link is up/down and debug ppp authentication says : can't authenticate peer .

I don't understand why it does not work .... anyone got an idea ??

Thanks for helping

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Met44

Yes, CHAP requires a clear text password, which is why you cannot use the username secret command. This uses an MD5 hash, whereas the weak Vigenere cipher used with username password (if you enabled service password-encryption) can be reversed for CHAP authentication.

kryolla

The password is not sent over the wire just the username then the router looks in the databse for the corresponding username and gets the password and uses it for MD5 hash. Now PAP user/pass is sent over the wire