Microsoft warns of PPTP and MS-CHAP
Microsoft warns of serious security problem in authentication via MS-CHAP v2, which comes in especially Microsoft's VPN technology Point-to-Point Tunneling Protocol (PPTP) is used. Three weeks ago, the encryption expert Moxie Marlinspike presented at the Black Hat conference in front of the Web Service Cloud cracker who can crack any PPTP access for $ 200 within 24 hours.
The basic problem has been known for many years: MS-CHAP v2 is a strange combination of three verschwurbelte DES operations. The crack can be reliably by trying all 256 possible DES keys - no matter how complex the password used. This task a specially designed server with FPGAs done in less than a day.
Those who logged a PPTP logon process with a network sniffer can chapcrack with the open-source tool to extract required for this token and can be at Cloud Cracker for $ 200 crack the key with which he can then decrypt the entire network traffic. The same also applies for corporate WLANs secured with WPA2 and MS-CHAP2. The MS-CHAPv2-Challenge and Response can be caught with FreeRADIUS WPE and feed then again at chapcrack.
For more security, there are essentially two strategies: Either you pack the MS-CHAP authentication in a separate tunnel verschlüsslten - Microsoft recommends the Protected Extensible Authentication Protocol (PEAP) - or, switching to a secure VPN technology. As alternatives, suggests Microsoft L2TP/IPSec, IPSec with IKEv2 or SSTP before. The open-source OpenVPN protocol is not in the list before.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment