Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Moxie Marlinspike Tool Cracks Crypto Passwords

Posted by samzenpus on Monday July 30, 2012 @05:15AM from the noew-tool-for-the-box dept.

Gunkerty Jeb writes "Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft's MS-CHAPv2 protocol. Marlinspike discussed the tool during a talk at DEF CON over the weekend, and it is available for download."

2 of 71 comments (clear)

Min score:

Reason:

Sort:

Who uses MS-CHAPv2? by D3 · 2012-07-30 06:05 · Score: 5, Interesting

I was there and he answered this in his talk. There were hundreds of VPN services that still supported using it. He pointed out that iPredator (VPN service for the Pirate Bay) ONLY supports MS-CHAPv2. The ubiquity of use and support has created a loop where people keep using it (another point of his talk).

--
Do really dense people warp space more than others?
Re:I admire this guy by Penurious+Penguin · 2012-07-30 06:29 · Score: 5, Interesting

If I remember correctly, he also developed Google-Sharing, a firefox extension to garble the data google collects on its users. Basically, all users with the extension share their tracks, which are fed to google to help confuse it. Futile, perhaps, but a great idea and an important concept no doubt. I dig the guy too.

--
Forward! -- Emperor Norton, 2012