RFC 2759 (rfc2759) - Page 4 of 20


Microsoft PPP CHAP Extensions, Version 2



Alternative Format: Original Text Document

< Previous
Next >


RFC 2759                  Microsoft MS-CHAP-V2              January 2000


4.  Response Packet

   The MS-CHAP-V2 Response packet is identical in format to the standard
   CHAP Response packet.  However, the Value field is sub-formatted
   differently as follows:

   16 octets: Peer-Challenge
    8 octets: Reserved, must be zero
   24 octets: NT-Response
    1 octet : Flags

   The Peer-Challenge field is a 16-octet random number.  As the name
   implies, it is generated by the peer and is used in the calculation
   of the NT-Response field, below.  Peers need not duplicate
   Microsoft's algorithm for selecting the 16-octet value, but the
   standard guidelines on randomness [1,2,7] SHOULD be observed.

   The NT-Response field is an encoded function of the password, the
   user name, the contents of the Peer-Challenge field and the received
   challenge as output by the routine GenerateNTResponse() (see section
   8.1, below).  The Windows NT password is a string of 0 to
   (theoretically) 256 case-sensitive Unicode [8] characters.  Current
   versions of Windows NT limit passwords to 14 characters, mainly for
   compatibility reasons; this may change in the future.  When computing
   the NT-Response field contents, only the user name is used, without
   any associated Windows NT domain name.  This is true regardless of
   whether a Windows NT domain name is present in the Name field (see
   below).

   The Flag field is reserved for future use and MUST be zero.

   The Name field is a string of 0 to (theoretically) 256 case-sensitive
   ASCII characters which identifies the peer's user account name.  The
   Windows NT domain name may prefix the user's account name (e.g.
   "BIGCO\johndoe" where "BIGCO" is a Windows NT domain containing the
   user account "johndoe").  If a domain is not provided, the backslash
   should also be omitted, (e.g. "johndoe").

5.  Success Packet

   The Success packet is identical in format to the standard CHAP
   Success packet.  However, the Message field contains a 42-octet
   authenticator response string and a printable message.  The format of
   the message field is illustrated below.

   "S= M="





Zorn                         Informational


< Previous
Next >


Web Standards & Support:

Link to and support eLook.org Powered by LoadedWeb Web Hosting
Valid XHTML 1.0! Valid CSS! eLook.org FireFox Extensions