Slashdot Mirror
New Moxie Marlinspike Tool Cracks Crypto Passwords
Gunkerty Jeb writes "Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft's MS-CHAPv2 protocol. Marlinspike discussed the tool during a talk at DEF CON over the weekend, and it is available for download."
but whenever I read his name, my mind keeps wandering to Stephen R. Donaldson novels and off the point he's trying to make.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
He really seems down-to-earth and balanced, and all the stuff he's done have been spot-on so far.
not trying to be brash, or curt or whatever, but can someone explain the larger implications?
what does this mean for me (the average non-very-savvy-when-it-comes-to-security person)?
should I stop using tor (is tor pptp?)?
should I stop using vpn, or wpa wireless networks?
this actually doesn't seem that interesting, I mean, if you use a cloud-based cracker, couldn't you have submitted the wpa handshake there already?
poor guy who is actually more well renound for deciding to help wikileaks and spending most of his 2010 travel itinerary detained and threatened by customs agents.
for me, he falls somewhere between hero and legend. im certain for the government he falls somewhere between drone strike and gulag.
Good people go to bed earlier.
Build a better lock, someone will learn to open it, That's it then. Time for everybody in the world to go on the honor system! (And NO crossing your fingers/toes.)
DES has been well known for vulnerabilities for some time. I don't know of many businesses using MS PPTP for remote VPN because it is usually cheaper and easier to just purchase licenses from their firewall / gateway vendor. Certainly no company with strong crypto needs such as HIPAA, PCI, and similar compliance are using anything but dedicated VPN appliances with AES or similar based encryption. Heck, most of those have moved to 2-factor authentication and are using at least TLS 1.0 / SSL 3.0 at layer 4.
I read the headline and wondered why a crack was released for Ubuntu only and such an old version...
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I have to send my handshake file on that website ? Isn't that unsecure ? The website owner could keep the data and do whatever he wants with it ?
Because surely if he didn't build them, nobody else ever would. The entire point is that he makes the vulnerabilities known, posts them publicly, and often (if not always) gives the manufacturer a chance to correct the issue FIRST.
that can crack passwords (...) that rely on encryption using Microsoft's MS-CHAPv2 protocol.
everybody knows Microsoft isn't know for their good security. In fact, they are known for they half assed protocols and pseudo security.
is MSCHAPV2 actually used by people?
I know that security people who build these things get vexed whenever a vulnerability is posted in the wild along with a cracking mechanism, but so often in the past we have seen security researchers have the cops called on them for notifying companies in advance (as if they were a shakedown racket demanding money). And its either that, or they ignore the vulnerability researcher till the 'post in the wild'. Better to post right away, get it out in the open, and move on. Many companies behave identically to the political right: they have no prescience. They can get a million warnings about a potential problem and will cheerfully ignore it. When it comes down on them like a ton of bricks, then they yelp and cry out. Its stupid, but they always go for the pound of cure (often costing millions) rather than the ounce of prevention (costing pennies).
I was there and he answered this in his talk. There were hundreds of VPN services that still supported using it. He pointed out that iPredator (VPN service for the Pirate Bay) ONLY supports MS-CHAPv2. The ubiquity of use and support has created a loop where people keep using it (another point of his talk).
Do really dense people warp space more than others?
is MSCHAPV2 actually used by people?
Back when I was in university the library used it to identify students. After connecting to the library VPN, you had access to the library resources (mostly journals) from off-campus IP addresses.
It was secure enough for that purpose.
Way to miss the fucking point.
Moxie, who I'd say has made massive contributions to personal security with his "positive" security tools (WhisperCore, RedPhone, TextSecure, etc.) has just released a tool which effectively eliminates common security measures people have previously been taking, rendering them open to attack. Not just enterprises or nation-states, but Joe Laptopper at the neighborhood Starbucks.
This isn't a new issue, certainly, but the likelihood of being attacked at the neighborhood coffee shop's WiFi was indistinguishable from zero. Now there's an off the shelf tool and cloud service made specifically to break through the security people have been using. This means that even someone who was doing security "correctly" (i.e. using a VPN on a public wifi network) is now at risk from having credentials stolen over the wire.
Other than giving Microsoft the finger, this doesn't seem like it's contributing much to the discourse. I'm disappointed in Moxie, he's placed a whole lot of people at risk just to say he could.
When using DES or a similar broken algorithm to secure communications you subject yourself to the the weaknesses of that algorithm. DES has been broken since the advent of the Core 2 from Intel or the FX series from AMD. Basically as Moore's Law pushes computing power ever further it also obsoletes weaker encryption algorithms. This is true for all crypto systems that are based on the use of the Discrete Logarithim Problem; It's based on the fact that it's difficult to compute large prime numbers. (ie; NP-Hard) now I'm generalizing here; 56-bit DES is a BAD idea; where possible when implmenting WPA2 use 128-bit AES (at a minimum) and use mutual 802.1x based certificates and a Full PKI for both the user and system accounts and preferably use secure tokens for their certs as well. What this means for you as a user? Well fire up wireshark / backtrack on your WiFi and submit your PCAP of a MS-CHAP handshake to find out; if it's insecure his tool will verify that notion; if it's secure his tool will tell you that you have chosen well.
OK, so what does it cost to buy 12-24 hrs of time on this FPGA set? Their dictionary attack service is $17/20 minutes on commodity hardware. At that rate this attack would cost $25K and I care much less about it than if the attack costs $25.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Does is mean that all the eduroam (WiFi in universities) connections are to be considered unsafe? Eduroam uses PEAP and EAP-MSCHAP v2 for logins. Thanks!
Let's just put it this way: We're a major phone services provider (think interactive voice service, not networks) in Europe and our VPN only supports MSCHAPv2.
Oh get your mind out of the gutter, I just want to test security on my own network. Lol, I watch my kids computers anytime I want too. That's just what kind of guy I am. You gonna start pissin an wailin about security? Maybe you'd like to just wait around till someone DOES compromise your system, or your bosses system, or your customers, your banks..... Does the fact that these tools exist within your grasp in order to fix your pissant security escape you? Maybe you just expect everyone to lay around with lubed sphincters because you do.
Got a problem with Marlinspike having a private life? He's out there saving your dumb ass.
Bets on how many goobers still can't put this picture together?
Having just implemented a PEAP-TLS (mutual-certificate based authentication), I can say that what I really want is a combination PEAP-TLS-MSCHAPv2 solution (which doesn't exist to my knowledge). I want mutual-certificate authentication (proving a "Corporate Issue" device which has a typical-end-user non-exportable private key is in use, effectively "something you have"', especially on encrypted drives with no user admin-access) wrapping around a MSCHAPv2 authentication of username/password pairs. While certificates can be revoked (and renewed), it's not the same as requring strong user passwords that change semi-frequently.
Win2k Pro does have a PPTP client too and AFAIK Win98 too.
This affects also those using poptop (poptop.org seems to be uneachable) with Linux.
Also Cisco PIX did support it.
Cisco ASA (os ver > 7.x) doesn't any more.
PPTP is such a simple protocol, basically just additional tcp port for authentication and then PPP over GRE with PPP compression replaced with encryption hack based on DES.
This is not entirely headache of those who had been using Windows RRAS and haven't upgraded more secure systems yet.
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
Do really dense people warp space more than others?