Analysis on the Security of MS-CHAP

MS-CHAP is usually embedded in other protocols,and used to verify the peer's identity in a three-way-handshake.The security of MS-CHAP was formally analyzed by a protocol-verifying way from the attacker's point of view.The result showed that the MS-CHAP protocol has vulnerabilities by which the attacker can pass the authentication without cracking the password and the corresponding attacking scenario was given.The MS-CHAP protocol has some deadly security flaw and can't achieve the desired security goal.