Tools Beat Microsoft Crypto

Wednesday, August 1, 2012 @ 01:08 PM gHale

Tools are available to crack passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2.

The tools crack WPA2 (Wi-Fi Protected Access) and VPN passwords used by corporations and organizations running networks protected by the PPTP (Point-to-Point Tunneling Protocol), which uses MS-CHAPv2 for authentication, said cryptography specialist Moxie Marlinspike at Defcon in Las Vegas.

ChapCrack captures the MS-CHAPv2 handshakes, or SSL (Secure Sockets Layer) negotiation communications, and converts them to a token that goes to CloudCracker.

It takes less than a day for the service to return results in the form of another token that plugs back into ChapCrack, where the DES (Data Encryption Standard) keys end up cracked. With that data, someone can see all of the information traveling across the Wi-Fi network, including sensitive corporate emails and passwords, and use the revealed passwords to log in to corporate networks.

The tools are really for penetration testers and network auditors to use to check the security of their WPA2 protected networks and VPNs, but in the wrong hands, hackers could steal data and get unauthorized access to networks.

The processing occurs on a supercomputer running customized chips created by David Hulton of Pico Computing. It will cost $200 for a crack to go through the whole keyspace and CloudCracker, Marlinspike said.

The PPTP protocol is old and has a poorly designed authentication handshake in MS-CHAPv2, he said. “We found we can reduce the security of the protocol to a single DES encryption,” he said.

Despite the technology being outdated and broken, it sees use on a huge number of enterprise networks, including those with Windows XP-based computers. The PPTP protocol remains popular because Windows XP and other operating systems support it, and operating systems continue to support it because so many organizations are using it, Marlinspike said.
