FreeRADIUS Authentication: Storing Passwords

FreeRADIUS Beginner's Guide


September 2011


Storing passwords

Username and password combinations have to be stored somewhere. The following list mentions some of the popular places:

  • Text files: You should be familiar with this method by now.
  • SQL databases: FreeRADIUS includes modules to interact with SQL databases. MySQL is very popular and widely used with FreeRADIUS.
  • Directories: Microsoft's Active Directory or Novell's eDirectory are typical enterprise-size directories. OpenLDAP is a popular open source alternative.

The users file and the SQL database that can be used by FreeRADIUS store the username and password as AVPs. When the password AVP holds its value in clear text, anyone who can read the file or the database can recover every user's password. Let's see how this risk can be minimized.

Hash formats

To reduce this risk, we can store the passwords in a hashed format. A hash of a password is like a digital fingerprint of that password's text value. There are many different ways to calculate it, for example MD5 or SHA1. The result is a fixed-length, one-way digest: it should be computationally infeasible to recover the original password from it, and in practice two different passwords do not produce the same digest. Note that a hash is not encryption. Nothing is ever decrypted; the server authenticates a user by hashing the password it receives in the same way and comparing the result with the stored digest. Also keep in mind that MD5 and SHA1 are fast, general-purpose hash functions, so an attacker who obtains the digests can test guesses at a very high rate. They are used here because they are the formats the pap module understands, not because they are ideal for password storage.

To make the stored hashes harder to attack with precomputed tables, we can add a salt to the function that generates the hash. A salt is a random string of bytes that is combined with the password as input to the one-way hash function. Because the server must be able to repeat the calculation, FreeRADIUS stores the salt along with the hash: the digest is computed over the password followed by the salt, the salt is appended to the digest, and the whole value is base64 encoded. The pap module knows the digest length (16 bytes for MD5, 20 bytes for SHA1) and treats everything after it as the salt. It is therefore essential to use a different random salt for each password; a salt that is shared between users or easy to guess defeats the purpose, because a single rainbow table would again cover every account. The pap module, which is used for PAP authentication, can use passwords stored in the following hash formats to authenticate users:

  • Crypt-Password
  • MD5-Password
  • SMD5-Password
  • SHA-Password
  • SSHA-Password
  • NT-Password
  • LM-Password

The salted variants, SMD5-Password and SSHA-Password, are the MD5 and SHA1 hash functions used with a salt to make them more secure.

Time for action – hashing our password

We will replace the Cleartext-Password AVP in the users file with a more secure hashed password AVP in this section.

There seems to be a general confusion on how the hashed password should be created and presented. We will help you clarify this issue in order to produce working hashes for each format.

A valuable URL to assist us with the hashes is the OpenLDAP FAQ:

http://www.openldap.org/faq/data/cache/419.html

There are a few sections that show how to create different types of password hashes. We can adapt this for our own use in FreeRADIUS. In every case the binary digest (followed by the salt, where there is one) is base64 encoded, which is the OpenLDAP convention and the form used for the users file entries in this article.

Crypt-Password

Crypt password hashes have their origins in Unix computing, where crypt(3) produced the password field of /etc/passwd. The traditional DES-based crypt uses only the first eight characters of the password and a 12-bit salt, so stronger hashing methods are preferred over it, although it is still widely used. FreeRADIUS checks a Crypt-Password by handing the stored value to the system's crypt(3), so the value can be in any scheme your C library supports; on glibc that includes the $1$ (MD5), $5$ (SHA-256) and $6$ (SHA-512) forms, which are a better choice than the two-character-salt DES form shown in the example below.

  1. The following Perl one-liner will produce a crypt password for passme with the salt value of 'salt':

    #> perl -e 'print(crypt("passme","salt")."\n");'

  2. Use this output and change Alice's check entry in the users file from:

    "alice" Cleartext-Password := "passme"

    to:

    "alice" Crypt-Password := "sa85/iGj2UWlA"

  3. Restart the FreeRADIUS server in debug mode.
  4. Run the authentication request against it again.
  5. Ensure that pap now uses the crypt password by looking for the following line in the FreeRADIUS debug feedback:

    [pap] Using CRYPT password "sa85/iGj2UWlA"

MD5-Password

The MD5 hash is often used to check the integrity of a file. When downloading a Linux ISO image you are also typically supplied with the MD5 sum of the file, and you can confirm the integrity of the download with the md5sum command. For password storage, keep in mind that an unsalted MD5 digest of a common password can simply be looked up in a precomputed table, so prefer the salted SMD5-Password form described next where you have the choice.

We can also generate an MD5 hash from a password. We will use Perl to generate and encode the MD5 hash in the correct format that is required by the pap module. The creation of this password hash involves external Perl modules, which you may have to install first before the script can be used. The following steps will show you how:

  1. Create a Perl script with the following contents; we'll name it 4088_04_md5.pl:

    #! /usr/bin/perl -w
    use strict;
    use Digest::MD5;
    use MIME::Base64;

    # Exit with a usage message if no password was given on the command line.
    unless($ARGV[0]){
        print "Please supply a password to create a MD5 hash from.\n";
        exit;
    }
    # Raw 16-byte MD5 digest of the password, base64 encoded without line breaks.
    my $ctx = Digest::MD5->new;
    $ctx->add($ARGV[0]);
    print encode_base64($ctx->digest,'')."\n";

  2. Make the 4088_04_md5.pl file executable:

    chmod 755 4088_04_md5.pl

  3. Get the MD5 password for passme:

    ./4088_04_md5.pl passme

  4. Use this output and update Alice's entry in the users file to:

    "alice" MD5-Password := "ugGBYPwm4MwukpuOBx8FLQ=="

  5. Restart the FreeRADIUS server in debug mode.
  6. Run the authentication request against it again.
  7. Ensure that pap now uses the MD5 password by looking for the following line in the FreeRADIUS debug feedback:

    [pap] Using MD5 encryption.

SMD5-Password

This is an MD5 password with salt. The creation of this password hash involves external Perl modules, which you may have to install first before the script can be used.

  1. Create a Perl script with the following contents; we'll name it 4088_04_smd5.pl:

    #! /usr/bin/perl -w
    use strict;
    use Digest::MD5;
    use MIME::Base64;

    # Exit with a usage message unless both a password and a salt were given.
    unless(($ARGV[0])&&($ARGV[1])){
        print "Please supply a password and salt to create a salted MD5 hash from.\n";
        exit;
    }
    # The digest is MD5(password . salt). The salt is then appended to the
    # digest so that the pap module can recover it: everything after the
    # 16th byte of the decoded value is the salt.
    my $ctx = Digest::MD5->new;
    $ctx->add($ARGV[0]);
    my $salt = $ARGV[1];
    $ctx->add($salt);
    print encode_base64($ctx->digest . $salt ,'')."\n";

  2. Make the 4088_04_smd5.pl file executable:

    chmod 755 4088_04_smd5.pl

  3. Get the SMD5 value for passme using a salt value of 'salt':

    ./4088_04_smd5.pl passme salt

    Remember that you should use a random value for the salt; 'salt' is used here only so that the output can be reproduced for the demonstration.

  4. Use this output and update Alice's entry in the users file to:

    "alice" SMD5-Password := "Vr6uPTrGykq4yKig67v5kHNhbHQ="

  5. Restart the FreeRADIUS server in debug mode.
  6. Run the authentication request against it again.
  7. Ensure that pap now uses the SMD5 password by looking for the following line in the FreeRADIUS debug feedback.

    [pap] Using SMD5 encryption.

 


SHA-Password

SHA stands for Secure Hash Algorithm. SHA1 is the most commonly used member of the SHA series of cryptographic hash functions. It was designed by the National Security Agency (NSA) and published by NIST as a US federal standard. SHA-1 produces a 160-bit hash value. It superseded SHA-0, which had been withdrawn shortly after publication. There is also the SHA-2 series, which differs significantly from SHA-1 and includes the SHA-224, SHA-256, SHA-384 and SHA-512 functions. A new hash standard called SHA-3 was under development at the time of writing. SHA-1 is no longer considered collision resistant; for password storage the more important point is that it is just as fast as MD5, so an unsalted SHA-Password value is no harder to attack by guessing than an MD5-Password one, and the salted SSHA-Password form described later should be preferred.

The creation of this password hash involves an external Perl module, which you may have to install first before the script can be used. If Digest::SHA1 is not packaged for your system, the core Digest::SHA module offers the same interface through Digest::SHA->new(1).

  1. Create a Perl script with the following contents; we'll name it 4088_04_sha1.pl:

    #! /usr/bin/perl -w
    use strict;
    use Digest::SHA1;
    use MIME::Base64;

    # Exit with a usage message if no password was given on the command line.
    unless($ARGV[0]){
        print "Please supply a password to create a SHA1 hash from.\n";
        exit;
    }
    # Raw 20-byte SHA1 digest of the password, base64 encoded without line breaks.
    my $ctx = Digest::SHA1->new;
    $ctx->add($ARGV[0]);
    print encode_base64($ctx->digest,'')."\n";

  2. Make the 4088_04_sha1.pl file executable:

    chmod 755 4088_04_sha1.pl

  3. Get the SHA value for passme:

    ./4088_04_sha1.pl passme

  4. Use this output and update Alice's entry in the users file to:

    "alice" SHA-Password := "/waczsxHgPn1JIkpJENLNV5Jp5k="

  5. Restart the FreeRADIUS server in debug mode.
  6. Run the authentication request again against it.
  7. Ensure that pap now uses the SHA password by looking for the following line in the FreeRADIUS debug feedback:

    [pap] Using SHA encryption.

SSHA-Password

This is an SHA password with salt. The creation of this password hash involves external Perl modules, which you may have to install first before the script can be used.

  1. Create a Perl script with the following contents; we'll name it 4088_04_ssha1.pl:

    #! /usr/bin/perl -w
    use strict;
    use Digest::SHA1;
    use MIME::Base64;

    # Exit with a usage message unless both a password and a salt were given.
    unless(($ARGV[0])&&($ARGV[1])){
        print "Please supply a password and salt to create a salted SHA1 hash from.\n";
        exit;
    }
    # The digest is SHA1(password . salt). The salt is then appended to the
    # digest so that the pap module can recover it: everything after the
    # 20th byte of the decoded value is the salt.
    my $ctx = Digest::SHA1->new;
    $ctx->add($ARGV[0]);
    my $salt = $ARGV[1];
    $ctx->add($salt);
    print encode_base64($ctx->digest . $salt ,'')."\n";

  2. Make the 4088_04_ssha1.pl file executable:

    chmod 755 4088_04_ssha1.pl

  3. Get the SSHA value for passme using a salt value of 'salt':

    ./4088_04_ssha1.pl passme salt

    Remember that you should use a random value for the salt; 'salt' is used here only so that the output can be reproduced for the demonstration.

  4. Use this output and update Alice's entry in the users file to:

    "alice" SSHA-Password := "bXUygZ+GToKwJysZyzghIEwf9tJzYWx0"

  5. Restart the FreeRADIUS server in debug mode.
  6. Run the authentication request against it again.
  7. Ensure that pap now uses the SSHA password by looking for the following line in the FreeRADIUS debug feedback:

    [pap] Using SSHA encryption.

NT-Password or LM-Password

The LM-Password AVP is used to store the LM hash of a user's password. The NT-Password AVP is used to store the NT hash of a user's password (often loosely called the NTLM hash; strictly, NTLM is the challenge-response protocol that uses it). The LM hash is the password hash that was used by Microsoft LAN Manager prior to Windows NT. The NT hash was introduced with Windows NT and is the MD4 digest of the password encoded as UTF-16LE.

Due to their known flaws it is now recommended not to use them where you have a choice. Neither uses a salt, so both are vulnerable to precomputed (rainbow table) attacks. The LM hash is much weaker still: the password is upper-cased, truncated or padded to 14 characters and split into two 7-character halves, each of which is used as a DES key. An attacker therefore only ever has to guess 7 characters at a time from a reduced alphabet.

Despite the flaws, the LM hash and NT hash are still widely used because of the many legacy third-party CIFS implementations. Windows Server 2008 still includes support for the LM hash, although storing it is not enabled by default.

To create an NT-Password or LM-Password hash we use the smbencrypt program, which is installed with FreeRADIUS. Because the NT-Password hash is stronger than the LM-Password hash we will use it here; it is also the hash that MS-CHAP needs, as discussed below.

  1. Get the NT-Password for passme by using the following command:

    smbencrypt passme

  2. Use this output and update Alice's entry in the users file to:

    "alice" NT-Password := "CED46D3B902D60F779ED78BFD90ED00A"

  3. Restart the FreeRADIUS server in debug mode.
  4. Run the authentication request against it again.
  5. Ensure that pap now uses the NT password by looking for the following line in the FreeRADIUS debug feedback:

    [pap] NT-Hash of passme = ced46d3b902d60f779ed78bfd90ed00a
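The five digest-based formats above all follow one convention: hash the password (followed by the salt, for the salted forms), append the salt, base64 encode; the NT hash is MD4 over the UTF-16LE password. The following Python script is an added example, not code from the book or from FreeRADIUS. It produces values for the MD5-, SMD5-, SHA-, SSHA- and NT-Password AVPs, drawing a random 8-byte salt by default, and implements the check the pap module performs for PAP so that a stored value can be confirmed offline before it is put into the users file. MD4 is implemented inline because Python builds on OpenSSL 3 may not expose it through hashlib. The function names (make_hash, split_stored, verify_hash, nt_hash, users_file_entry) are this example's own. Crypt-Password is left out: FreeRADIUS hands it to the system crypt(3), which the Perl one-liner earlier already exercises.

```python
"""Generate and verify FreeRADIUS password AVP values (added example).

Salted formats are base64(HASH(password || salt) || salt), as in the Perl
scripts in this article; the salt can be split off again because the digest
length is fixed (16 bytes for MD5, 20 bytes for SHA1).
"""
import base64
import hashlib
import secrets
import struct

DIGEST_LEN = {"MD5": 16, "SMD5": 16, "SHA": 20, "SSHA": 20}
_HASH = {"MD5": hashlib.md5, "SMD5": hashlib.md5,
         "SHA": hashlib.sha1, "SSHA": hashlib.sha1}
_SALTED = ("SMD5", "SSHA")


def make_hash(fmt, password, salt=None):
    """Value for an MD5-, SMD5-, SHA- or SSHA-Password AVP.

    For the salted formats a fresh random salt is drawn unless one is passed
    in; pass one only to reproduce a known value, never in production.
    """
    if fmt not in _HASH:
        raise ValueError("unknown format %r" % fmt)
    if fmt in _SALTED:
        if salt is None:
            salt = secrets.token_bytes(8)
    elif salt:
        raise ValueError("%s-Password is an unsalted format" % fmt)
    else:
        salt = b""
    digest = _HASH[fmt](password + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def split_stored(fmt, stored):
    """Decode a stored value into (digest, salt); salt is b'' for unsalted formats."""
    raw = base64.b64decode(stored, validate=True)
    n = DIGEST_LEN[fmt]
    if len(raw) < n or (fmt not in _SALTED and len(raw) != n):
        raise ValueError("stored %s-Password has the wrong length" % fmt)
    return raw[:n], raw[n:]


def verify_hash(fmt, stored, candidate):
    """The PAP check: re-hash candidate || salt and compare in constant time.
    A malformed stored value fails closed instead of raising."""
    try:
        digest, salt = split_stored(fmt, stored)
    except (ValueError, KeyError):
        return False
    return secrets.compare_digest(digest, _HASH[fmt](candidate + salt).digest())


def md4(data):
    """RFC 1320 MD4 (pure Python, because hashlib may hide MD4 behind the
    OpenSSL 'legacy' provider). Returns the 16-byte digest."""
    mask = 0xFFFFFFFF

    def rotl(x, s):
        return ((x << s) | (x >> (32 - s))) & mask

    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rounds = (
        (f, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    # Padding: 0x80, zeros to 56 mod 64, then the bit length as little-endian u64.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, const, shifts, order in rounds:
            for i, k in enumerate(order):
                a, b, c, d = d, rotl((a + func(b, c, d) + x[k] + const) & mask, shifts[i % 4]), b, c
        state = [(s + v) & mask for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password):
    """NT-Password value: MD4 over the UTF-16LE password, upper-case hex, no salt."""
    return md4(password.encode("utf-16-le")).hex().upper()


def users_file_entry(user, fmt, value):
    """One check item for the users file, e.g. "alice" SSHA-Password := "..."."""
    return '"%s" %s-Password := "%s"' % (user, fmt, value)


if __name__ == "__main__":
    for fmt in ("MD5", "SMD5", "SHA", "SSHA"):
        print(users_file_entry("alice", fmt, make_hash(fmt, b"passme")))
    print(users_file_entry("alice", "NT", nt_hash("passme")))
```

Running the script prints one users file line per format; the SMD5 and SSHA lines differ on every run because the salt is random, and verify_hash still accepts all of them. Passing salt=b"salt" to make_hash reproduces the values shown in the steps above, which is the only reason to fix the salt.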

What just happened?

We have created and tested different hash formats for storing a user's password inside the users file.

Hash formats and authentication protocols

Hashing a password limits the authentication protocols that can use it. As you have seen, PAP can be used with all of the formats above: the NAS sends the password itself, so the server can hash it in whatever form the stored value uses. CHAP requires that the password be stored in clear text, because the server has to recompute MD5 over the CHAP identifier, the password and the challenge, and a digest of the password on its own cannot be turned into that value. MS-CHAP can only use clear text or NT-Password, because its response is derived from the NT hash of the password.

There is a nice authentication protocol and password encryption lookup grid at the following URL:
http://deployingradius.com/documents/protocols/compatibility.html
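As an added example (not from the book or from FreeRADIUS), the following Python script works the CHAP exchange through from both sides, following RFC 1994 and RFC 2865 section 5.3, to make the reason for the clear-text requirement concrete: the NAS hashes the one-byte identifier, the password and the challenge together, and the server can only repeat that calculation if it holds the password itself. The function names nas_side and server_side and the sample values are this example's own. MS-CHAP is analogous with the NT hash standing in for the password, which is why NT-Password is the one hashed format it accepts.

```python
"""CHAP over RADIUS (RFC 1994, RFC 2865 section 5.3), worked from both sides.

Added example: the server needs Cleartext-Password because the response is
MD5(ident || password || challenge); a stored MD5 or SHA digest of the
password alone cannot be turned into that value.
"""
import hashlib
import secrets


def chap_response(ident, password, challenge):
    """The 17-byte CHAP-Password value: ident || MD5(ident || password || challenge)."""
    if not 0 <= ident <= 255:
        raise ValueError("the CHAP identifier is a single byte")
    return bytes([ident]) + hashlib.md5(bytes([ident]) + password + challenge).digest()


def nas_side(password, request_authenticator, challenge=None):
    """Attributes the NAS puts in its Access-Request.

    A NAS may omit CHAP-Challenge; the 16-byte Request Authenticator of the
    packet is then used as the challenge (RFC 2865 section 5.3).
    """
    ident = secrets.randbelow(256)
    used = challenge if challenge is not None else request_authenticator
    attrs = {"CHAP-Password": chap_response(ident, password, used)}
    if challenge is not None:
        attrs["CHAP-Challenge"] = challenge
    return attrs


def server_side(request, request_authenticator, cleartext_password):
    """What the chap module does with the user's Cleartext-Password check item.

    True only if the NAS computed its response from the same password and the
    same challenge; a malformed CHAP-Password fails closed.
    """
    chap_password = request.get("CHAP-Password", b"")
    if len(chap_password) != 17:
        return False
    challenge = request.get("CHAP-Challenge", request_authenticator)
    expected = chap_response(chap_password[0], cleartext_password, challenge)
    return secrets.compare_digest(chap_password, expected)


if __name__ == "__main__":
    # Constructed sample values; a real Request Authenticator is 16 random bytes.
    authenticator = secrets.token_bytes(16)
    request = nas_side(b"passme", authenticator)
    print("correct password:", server_side(request, authenticator, b"passme"))
    print("wrong password:  ", server_side(request, authenticator, b"wrong"))
```

Note that there is no way to write server_side in terms of an MD5-Password value: the identifier byte is absorbed by MD5 before the password, so the digest of the password alone is not an intermediate state of the calculation the NAS performed.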

Other authentication methods

There are two other authentication methods that are worth mentioning here. They are one-time passwords and certificates.

One-time passwords

FreeRADIUS includes a module called rlm_otp that can be used to handle OTP (one-time password) tokens. This module should be used in conjunction with additional programs. Unfortunately the company that contributed the code for the additional programs, Tri-D Systems, does not exist anymore. However, the code was forked and is now available from Google Code (http://code.google.com/p/otpd/).

If you want to implement your own one-time password functionality you can use a module like rlm_perl or rlm_python to handle the logic behind a one-time password. The NAS may still send User-Name and User-Password attributes to FreeRADIUS, but the way the User-Password is managed will be unique in order to handle a one-time password.

Certificates

Certificates do not involve the presentation of a username and password combination; instead the client proves possession of the private key that matches its certificate. EAP can use this as a sub-method (EAP-TLS). Certificates will be discussed in more detail in the next article on EAP.

Summary

In this article we covered hash formats for safely storing passwords and the authentication protocols that each format can be used with.

