Corporate security teams should evaluate and address the risks associated with any current usage of this protocol. The analysis of the protocol, proof-of-concept cracking approach, and special PICO supercomputer used, make this a fascinating read for security professionals. It requires a sophisticated setup and some time to reconstruct the plain text versions of passwords from the NT Hash for the 3 DES keys.
MS-CHAPv2 Protocol compromised with 100% success
QUOTE: Moxie Marlinspike and David Hulton gave a talk at Defcon 20 on a presentation on cracking MS-CHAPv2 with 100% success rate. This protocol is still very much in use with PPTP VPNs, and WPA2 Enterprise environments for authentication. Moxie’s recommendations:
1. All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.
2. Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.
Knowing that MS-CHAPv2 can now be cracked, what alternatives are you considering to secure your now insecure communications? The two alternatives suggested by Moxie are “OpenVPN configuration, or IPSEC in certificate rather than PSK mode.”