Moxie Marlinspike, in an old photo from Black Hat, continues to attack encryption protocols in his latest research at Defcon.
(Credit: Elinor Mills/CNET)
Cryptography specialist Moxie Marlinspike released tools at Defcon today for easily cracking passwords in wireless and virtual private networks that use a popular encryption protocol based on an algorithm from Microsoft called MS-CHAPv2, news that will no doubt worry many a network administrator.
The tools crack WPA2 (Wi-Fi Protected Access) and VPN passwords used by corporations and organizations running networks that are protected by the PPTP (Point-to-Point Tunneling Protocol), which uses MS-CHAPv2 for authentication.
ChapCrack captures the MS-CHAPv2 handshakes, or SSL (Secure Sockets Layer) negotiation communications, and converts them to a token that can be submitted to CloudCracker.
It takes less than a day for the service to return results in the form of another token that is plugged back into ChapCrack where the DES (Data Encryption Standard) keys are cracked. With that data, someone can see all of the information traveling across the Wi-Fi network, including sensitive corporate e-mails and passwords, and use passwords that were revealed to log in to corporate networks.
The tools are designed for penetration testers and network auditors to use to check the security of their WPA2 protected networks and VPNs, but... [Read more]
No comments:
Post a Comment