Wednesday, August 8, 2012

MS-CHAPv2 Crack

It should come as no real surprise: MS-CHAPv2 is broken.  It's an ancient scheme.  If you were paying attention, you would have migrated your VPNs and Wireless networks away from it years ago anyway.

Here's a great break down of what this means to your wireless networks.

An even simpler one is to just note that these combinations are still fine:
  • IPSEC and OpenVPNs are fine.
  • WPA2 Enterprise wireless with PEAP is fine.
  • WPA2 Non-Enterprise (i.e. home) wireless is fine (from this).
And, of course, keep in mind it still takes 24 hours (right now, but that's sure to be sped up) to actually crack the DES encryption key with this exploit.  Since it's 24 hours and not 24 ms, that means an attacker will more than just casually find you and exploit you.  Your network will have to be a target first, at least to some degree.


Colin McD said...

Not to this post, but something you may find interesting to comment on:

Amazon user orders a flat-panel TV from a third-party vendor. Gets a Sig Sauer 716 assault rifle instead.



UK visitor said...

more posts like this, please!

securology said...

UK Visitor: But of course ... :)

securology said...

Colin: We weren't initially going to cover it, but the shipping/logistics and the ethics of returning the item are interesting and not being covered elsewhere that we see, so here you go: