Professional Soldiers ®

Professional Soldiers ® (http://www.professionalsoldiers.com/forums/index.php)
-   Technology News and Reviews (http://www.professionalsoldiers.com/forums/forumdisplay.php?f=96)
-   -   VPN insecurity: The end of MS-CHAPv2 (http://www.professionalsoldiers.com/forums/showthread.php?t=39009)

BOfH 07-31-2012 15:12
VPN insecurity: The end of MS-CHAPv2
 
Disclaimer: This is intended more or less for the security "wonks"(myself included :D ) on PS.com, and well, anyone else interested in this area.

In summary, MS-CHAPv2, a popular authentication mechanism used in an even more popular remote access solution, PPTP based VPN's, is officially broken. Using purpose built hardware and/or distributed computing, brute forcing the keys used for DES operations in the encryption scheme, which is also used to derive the session keys used to secure the tunnel, hence rendering the entire tunnel insecure, is trivial.

https://www.cloudcracker.com/blog/20...ng-ms-chap-v2/


In other news, the NSA went to Defcon[1]....I wonder how "spot-the-Fed"[2] went. :D

[1] http://www.computerworld.com/s/artic...ing_cyberspace
[2] http://www.zdnet.com/news/def-cons-s...the-fed/102697


All times are GMT -6. The time now is 13:50.


Copyright 2004-2022 by Professional Soldiers ®