Tools released at Defcon can crack widely used PPTP encryption in under a day
New tool and service can decrypt any PPTP and WPA2 wireless sessions using MS-CHAPv2 authentication
IDG News Service - Security researchers released two tools at the Defcon security conference that can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) and WPA2-Enterprise (Wireless Protected Access) sessions that use MS-CHAPv2 for authentication.
MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.
MS-CHAPv2 has been known to be vulnerable to dictionary-based brute force attacks since 1999, when a cryptanalysis of the protocol was published by cryptographer Bruce Schneier and other researchers.
However, the common belief on the Internet is that if you have a strong password then it's ok, said Moxie Marlinspike, the security researcher who developed ChapCrack, one of the tools released at Defcon. "What we demonstrated is that it doesn't matter. There's nothing you can do."
ChapCrack can take captured network traffic that contains a MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.
This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.
The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with WireShark or other similar network sniffing tools.
PPTP is commonly used by small and medium-size businesses -- large corporations use other VPN technologies like those provided by Cisco -- and it's also widely used by personal VPN service providers, Marlinspike said.
The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.
Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.
- Platfora Big Data Analytics for Network Security Platfora amplifies the effectiveness of network security analysis, providing Big Data Analytics capability to augment existing security infrastructure for known threats, and advanced...
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Cyberwarfare White Papers | Webcasts