Moxie Marlinspike has written up an overview of his and David Hulton’s presentation at Defcon 20 last week: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate.
The key takeaways:
- Reduces the complexity of attacking MS-CHAPv2 to 2^56 (significantly less work than attempting to brute-force the user’s password)
- Using FPGAs, they have achieved “a worst case of ~23 hours … and an average case of about half a day” to crack any given MS-CHAPv2 handshake
- chapcrack automagically extracts the information needed to crack MS-CHAPv2 handshakes from packet dumps, giving you a “token” to use with the CloudCracker Cracking-as-a-Service platform, opening this attack up to anyone
- “All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.”
Yikes.
Via /r/netsec.