BOfH
07-31-2012, 15:12
Disclaimer: This is intended more or less for the security "wonks"(myself included :D ) on PS.com, and well, anyone else interested in this area.
In summary, MS-CHAPv2, a popular authentication mechanism used in an even more popular remote access solution, PPTP based VPN's, is officially broken. Using purpose built hardware and/or distributed computing, brute forcing the keys used for DES operations in the encryption scheme, which is also used to derive the session keys used to secure the tunnel, hence rendering the entire tunnel insecure, is trivial.
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
In other news, the NSA went to Defcon[1]....I wonder how "spot-the-Fed"[2] went. :D
[1] http://www.computerworld.com/s/article/9229756/NSA_chief_asks_hackers_at_Defcon_for_help_securing _cyberspace
[2] http://www.zdnet.com/news/def-cons-sport-spot-the-fed/102697
In summary, MS-CHAPv2, a popular authentication mechanism used in an even more popular remote access solution, PPTP based VPN's, is officially broken. Using purpose built hardware and/or distributed computing, brute forcing the keys used for DES operations in the encryption scheme, which is also used to derive the session keys used to secure the tunnel, hence rendering the entire tunnel insecure, is trivial.
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
In other news, the NSA went to Defcon[1]....I wonder how "spot-the-Fed"[2] went. :D
[1] http://www.computerworld.com/s/article/9229756/NSA_chief_asks_hackers_at_Defcon_for_help_securing _cyberspace
[2] http://www.zdnet.com/news/def-cons-sport-spot-the-fed/102697