How do I decode the client password and compare it to the plain text password?
Except for PAP authentication, it is impossible to decode the client password for a direct comparison to a local plain text or otherwise encoded password. PAP passwords are decoded using AuthInfo.decode(byte[] password) or AuthInfo.getDecodedUserPassword(). All other passwords are sent as one-way hashes (encodings) that cannot be decoded. For these, the method employed is to perform the same encoding on the plain text password as the client used and then compare the two encoded passwords. If the encodings match, the passwords match. There is a very slight chance that a different password will match, but that is out of the scope of this document. For MSCHAP & MSCHAP V1, the AuthInfo method cmpMSCHAP(byte[] password) encodes the password and compares it to the MSCHAP Vendor-Specific attributes in the request packet. CHAP uses the cmpCHAP(byte[] plaintextPassword) method.
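
The difference between the reversible PAP encoding and the compare-only CHAP encoding, shown as an added example that is not the library's own code: it follows RFC 2865 section 5.2 for PAP and RFC 1994 for CHAP. The class and method names (RadiusPasswordCheck, papDecode, chapMatches) are hypothetical, the shared secret, password and authenticator are constructed sample values, and the Request Authenticator is assumed to serve as the CHAP challenge.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class RadiusPasswordCheck { // hypothetical name, not part of the library
    static byte[] md5(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // PAP: User-Password is XORed with an MD5 keystream, so the server can reverse it.
    static byte[] papDecode(byte[] enc, byte[] secret, byte[] requestAuth) throws Exception {
        if (enc.length == 0 || enc.length % 16 != 0) throw new IllegalArgumentException("bad length");
        byte[] out = new byte[enc.length];
        byte[] prev = requestAuth; // first block is keyed by the Request Authenticator
        for (int off = 0; off < enc.length; off += 16) {
            byte[] key = md5(secret, prev);
            for (int i = 0; i < 16; i++) out[off + i] = (byte) (enc[off + i] ^ key[i]);
            prev = Arrays.copyOfRange(enc, off, off + 16); // later blocks chain on ciphertext
        }
        int end = out.length;
        while (end > 0 && out[end - 1] == 0) end--; // strip NUL padding
        return Arrays.copyOf(out, end);
    }

    // CHAP: CHAP-Password = id || MD5(id || password || challenge); one-way, so re-encode and compare.
    static boolean chapMatches(byte[] chapPassword, byte[] challenge, byte[] plaintext) throws Exception {
        if (chapPassword.length != 17) return false;
        byte[] expected = md5(new byte[] { chapPassword[0] }, plaintext, challenge);
        return MessageDigest.isEqual(expected, Arrays.copyOfRange(chapPassword, 1, 17)); // constant-time
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "testing123".getBytes(StandardCharsets.UTF_8); // constructed sample values
        byte[] pw = "s3cret-pw".getBytes(StandardCharsets.UTF_8);
        byte[] auth = new byte[16];
        for (int i = 0; i < 16; i++) auth[i] = (byte) i;
        // What a client would send for PAP (single 16-byte block)
        byte[] enc = Arrays.copyOf(pw, 16), key = md5(secret, auth);
        for (int i = 0; i < 16; i++) enc[i] ^= key[i];
        System.out.println("PAP decoded: " + new String(papDecode(enc, secret, auth), StandardCharsets.UTF_8));
        // What a client would send for CHAP with identifier 7
        byte[] chapPw = new byte[17];
        chapPw[0] = 7;
        System.arraycopy(md5(new byte[] { 7 }, pw, auth), 0, chapPw, 1, 16);
        System.out.println("CHAP correct password: " + chapMatches(chapPw, auth, pw));
        System.out.println("CHAP wrong password:   " + chapMatches(chapPw, auth, secret));
    }
}
```

The CHAP path needs the user's plain text password on the server, which is why it cannot be checked against a locally hashed password store.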