17 Dec
2003
17 Dec
'03
11:17 p.m.
sameer wrote:
See www.l0pht.com
Does anybody know how Microsoft RAS implements data encryption? Apparently (http://www.microsoft.com/kb/articles/q136/6/34.htm) they use RC4, but is this stuff documented somewhere, like in an RFC?
What I can find at www.l0pht.com only deals with password authentication. I'm more interested in the RC4 data encryption that Microsoft RAS servers and clients are using. That is, once a PPP session is established and MSCHAP is used to authenticate the session, the secret from MSCHAP is reused as two RC4 keys with 40 or 128 bit keys (US or International versions). But I can't find any documents on exactly how this works. Mike.