+ Reply to Thread
Results 1 to 7 of 7
  1. Senior Member
    Join Date
    Feb 2008
    Location
    West Yorkshire, UK
    Posts
    269

    Certifications
    A+, N+, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298. MCSE 2003! 70-620
    #1

    Default Differences between MS-CHAP and MS-CHAP V2?

    As far as I can see, v2 is just more secure than MS-CHAP as it's newer, but is there any real differences like one supports NT4 and one doesn't or anything like that?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Aug 2008
    Posts
    2,666

    Certifications
    MCSE: Security, MCTS x 5, P+, S+, N+, A+, HIT
    #2

    Default MSChap

    Basically MS-CHAP v2 is more secure, it provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving.
    MS-CHAP v2, the cryptographic key is always based on the user's password and a random challenge string. Each time it authenticates, a new string is used.
    MS-CHAP v1 was mainly used in windows 2000 and only provided 1-way authentication, VISTA doesn't support it, as v2 is much more secure. It uses a 40-bit encryption key based on the user's password.
    You may need to use v1 for backwards compatibility with NT and but there aren't very many companies running NT anymore.
    You can find some good information about this on MS Technet.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Feb 2008
    Location
    West Yorkshire, UK
    Posts
    269

    Certifications
    A+, N+, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298. MCSE 2003! 70-620
    #3
    So with MS-CHAP v1, only the Server requires authentication from the client, where as MS-CHAP v2, the client requires authentication from the Server and vice versa? Thanks for getting to the point. There's pages and pages of this stuff going into far too much detail. To me the important thing is, MS-CHAP for NT4 and 2k and MS-CHAP v2 for 2003/Vista +
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #4
    Quote Originally Posted by mr2nut
    So with MS-CHAP v1, only the Server requires authentication from the client, where as MS-CHAP v2, the client requires authentication from the Server and vice versa?
    Yes. That's referred to as mutual authentication.

    Quote Originally Posted by mr2nut
    To me the important thing is, MS-CHAP for NT4 and 2k and MS-CHAP v2 for 2003/Vista +
    I believe MS-CHAPv2 is supported in 2000 as well.

    Nice post Psoasman!
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Feb 2008
    Location
    West Yorkshire, UK
    Posts
    269

    Certifications
    A+, N+, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298. MCSE 2003! 70-620
    #5
    It was a good post, direct and to the point explaining what you need to know rather than the endless pages of bumf you normally find on google
    Reply With Quote Quote  

  7. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #6
    MSChapV2 is supported all the way back to Windows 95 but you had to install some networking pack to add support for VPN but there was no support for Dial Up. Any OS after that supported MSChapV2 completely.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Aug 2008
    Posts
    2,666

    Certifications
    MCSE: Security, MCTS x 5, P+, S+, N+, A+, HIT
    #7
    Thanks for the feedback!
    I agree, there is way too much "filler" on some websites, especially Google, that it is hard to find what you are looking for sometimes.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks