Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Moxie Marlinspike Tool Cracks Crypto Passwords

Posted by samzenpus on Monday July 30, 2012 @05:15AM from the noew-tool-for-the-box dept.

Gunkerty Jeb writes "Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft's MS-CHAPv2 protocol. Marlinspike discussed the tool during a talk at DEF CON over the weekend, and it is available for download."

2 of 71 comments (clear)

Min score:

Reason:

Sort:

Re:so what? by BagOBones · 2012-07-30 05:32 · Score: 5, Informative

PPTP is a type of VPN still used by some companies and included with windows...
MS-CHAPv2 is the default / most common authentication option when using PPTP with windows. Thus organizations still using PPTP for remote access may be at risk.

--
EA David Gardner -"... but the consumers have proven that actually what they want is fun."
Re:Nice hack, but... by Anonymous Coward · 2012-07-30 05:47 · Score: 5, Informative

Actually, lots of companies still use MS PPTP precisely because it's cheaper and easier than the alternatives. MS PPTP server is built into RRAS, so it's free, and the client is built into every version of Windows since XP.