CHAP Authentication

MCL.NicolasMCL.Nicolas Member Posts: 3 ■□□□□□□□□□
Hey guys !

I've got an issue with CHAP and it's blowing my mind .
First i'm not sure this is the right place to post that kind of question , and I would like to apologize to anyone offended .

I'm actually having 2 routers connected by a Serial interface.
The link is up/up , ping is OK , OSPF neighbors OK ! So everything is great happy.gif
But i want to add CHAP authentication on that link .
Here is what I do :

encapsulation ppp
ppp authentication chap

then i add username of both router on both router happy.gif
link is still operationnal but the prroblem is that passwords are type 7 and can be cracked easily.Does Chap send password for authentication in clear text ?

I have tried this :

username R1 secret 0 cisco
username R2 secret 0 cisco

now link is up/down and debug ppp authentication says : can't authenticate peer .

I don't understand why it does not work .... anyone got an idea ??

Thanks for helping happy.gif


  • Met44Met44 Member Posts: 194
    Yes, CHAP requires a clear text password, which is why you cannot use the username secret command. This uses an MD5 hash, whereas the weak Vigenere cipher used with username password (if you enabled service password-encryption) can be reversed for CHAP authentication.
  • kryollakryolla Member Posts: 785
    The password is not sent over the wire just the username then the router looks in the databse for the corresponding username and gets the password and uses it for MD5 hash. Now PAP user/pass is sent over the wire
    Studying for CCIE and drinking Home Brew
Sign In or Register to comment.