Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Moxie Marlinspike Tool Cracks Crypto Passwords

Posted by samzenpus on from the noew-tool-for-the-box dept.

Gunkerty Jeb writes "Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft's MS-CHAPv2 protocol. Marlinspike discussed the tool during a talk at DEF CON over the weekend, and it is available for download."

15 of 71 comments (clear)

  1. I know he's brilliant by winkydink · · Score: 4, Funny

    but whenever I read his name, my mind keeps wandering to Stephen R. Donaldson novels and off the point he's trying to make.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  2. so what? by jehan60188 · · Score: 3, Insightful

    not trying to be brash, or curt or whatever, but can someone explain the larger implications?

    what does this mean for me (the average non-very-savvy-when-it-comes-to-security person)?
    should I stop using tor (is tor pptp?)?
    should I stop using vpn, or wpa wireless networks?

    this actually doesn't seem that interesting, I mean, if you use a cloud-based cracker, couldn't you have submitted the wpa handshake there already?

    1. Re:so what? by BagOBones · · Score: 5, Informative

      PPTP is a type of VPN still used by some companies and included with windows...
      MS-CHAPv2 is the default / most common authentication option when using PPTP with windows. Thus organizations still using PPTP for remote access may be at risk.

      --
      EA David Gardner -"... but the consumers have proven that actually what they want is fun."
    2. Re:so what? by characterZer0 · · Score: 2

      PPTP using EAP-TLS is still okay, right?

      --
      Go green: turn off your refrigerator.
    3. Re:so what? by Anonymous Coward · · Score: 2, Informative

      If I understand it correctly, one implication is that if you:

      1. use Micrsoft Windows' built-in VPN client (Network Connections -> Connect to...)
      2. to connect to Microsoft Windows' built-in VPN server ("Remote Access")
      3. and someone snifs your traffic (like on a public Starbucks hot-spot)

      then they can decrypt that VPN traffic.

      One would assume that usage of Microsoft's built-in stuff is pretty prevalent, so the implications of this are pretty big.

    4. Re:so what? by skids · · Score: 4, Informative

      For VPN use IPSEC, not PPTP, either with certificate-based outer tunnel, or with an outer tunnel using a PSK that you trust will not be compromised. The latter is near impossible in enterprise setups, so the certificate approach is superior, albeit harder to administer.

      WPA2-PSK is insecure due to a separate issue entirely (see Firesheep).

      For WPA2-Enterprise the MSCHAPv2 session is usually wrapped in a PEAP (SSL) session. This should be safe as long as your client is configured to validate the server-side certificate only against CAs that are not likely to be compromised (i.e. a rougue cert generated). Preferably, one should also validate the certificate's subject (usually the name of the RADIUS server). If this is not the case (and Apple makes this particularly hard, especially on the new Lion setup that requires an 802.1x profile generated by a Lion Server installation) then an MITM attack is possible, where someone pretends to be your AP+RADIUS, and since your client does not check the certificate they offer, it will happily start the MSCHAPv2 session with them, at which point the exchange becomes vulnerable to attempts to hijack it.

      WPA2 using EAP-TLS with certificates is safe, but does not offer the ability to check user passwords, so it is usually only favored by institutions that do not worry too much about stolen equipment. (Given that everyone seems happy to let the OS remember their passwords, however, the added benefits of the password becomes dubious.) WPA2 with EAP-TTLS should be unaffected by any of this. The precautions about validating server certs remain relevant, however.

      It is possible to configure WPA2-Enterprise with just a raw MSCHAPv2 exchange and no protective PEAP wrapper around it. That would be what the OP's tool is for. It would also be completely insane, and given many native clients do not support that, rather a lot of effort to invest in being insane.

      --
      Someone had to do it.
    5. Re:so what? by GSloop · · Score: 2

      WPA2-PSK is insecure due to a separate issue entirely (see Firesheep).

      Citation needed.

      ---
      Not to be harsh, but WPA2-PSK has NOTHING to do with firesheep. JUST NOTHING.

      Firesheep is a takover of a non SSL wrapped session. So, someone on a non-switched ethernet network can take-over a session. Same is true for any shared medium network, like wireless.However, since WPA2 uses weak individual session encryption you can perhaps determine the PWMK and then sniff all other sessions.

      But to determine the PWMK you need the PSK to start with. This doesn't mean that the whole WPA2-PSK is broken.
      It does mean individual session security is bad if you already know the PSK.

      If you don't have the PSK, I'm not aware of any non-brute force method of hacking WPA2-PSK, especially AES. [There are some cases where you can inject packets in a TKIP encrypted session.]

      So, I guess I think your claim that WPA2-PSK is broken requires a citation.

    6. Re:so what? by GSloop · · Score: 2

      To amplify that:

      If the attacker already knows the PSK, then your whole network is screwed and individual session security, while important, becomes far less important.

      So, yes, individual sessions are important - but this really isn't any/much different than ARP poisoning on a switched network. You shouldn't rely on such methods for real security.

      However, for small networks - ergo home/small business networks - using WPA2-PSK is perfectly fine - just be careful who you share the key with, just like you'll be careful who you let plug into your ethernet switch.

      PSK isn't very appropriate for larger more sophisticated networks with more complicated security issues.

  3. this is the same by nimbius · · Score: 4, Interesting

    poor guy who is actually more well renound for deciding to help wikileaks and spending most of his 2010 travel itinerary detained and threatened by customs agents.

    for me, he falls somewhere between hero and legend. im certain for the government he falls somewhere between drone strike and gulag.

    --
    Good people go to bed earlier.
  4. Moxie Marlinspike by MyLongNickName · · Score: 5, Funny

    I read the headline and wondered why a crack was released for Ubuntu only and such an old version...

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  5. Re:Nice hack, but... by Anonymous Coward · · Score: 5, Informative

    Actually, lots of companies still use MS PPTP precisely because it's cheaper and easier than the alternatives. MS PPTP server is built into RRAS, so it's free, and the client is built into every version of Windows since XP.

  6. Who uses MS-CHAPv2? by D3 · · Score: 5, Interesting

    I was there and he answered this in his talk. There were hundreds of VPN services that still supported using it. He pointed out that iPredator (VPN service for the Pirate Bay) ONLY supports MS-CHAPv2. The ubiquity of use and support has created a loop where people keep using it (another point of his talk).

    --
    Do really dense people warp space more than others?
  7. Re:I admire this guy by Penurious+Penguin · · Score: 5, Interesting

    If I remember correctly, he also developed Google-Sharing, a firefox extension to garble the data google collects on its users. Basically, all users with the extension share their tracks, which are fed to google to help confuse it. Futile, perhaps, but a great idea and an important concept no doubt. I dig the guy too.

    --
    Forward! -- Emperor Norton, 2012
  8. Re:Nice hack, but... by swb · · Score: 2

    I've worked with more than one company that has wanted to actually return to using PPTP after bad experiences with IPSec client VPNs.

    It's typically because the client software blows or isn't available on their platform or hasn't been updated for an OS rev change (we saw this with Vista/Win7).

    Most of these were small shops that couldn't afford the freight on a dedicated VPN setup and were stuck with whatever their firewall would do. Cisco's IPSec implementation seems widely supported, but you have to be willing to pay for it, otherwise the next best choice if you have a weird platform is PPTP.

    I wish there was a vendor-neutral SSL VPN implementation, but they all do it differently.

  9. Re:Nice hack, but... by Eskarel · · Score: 2

    I've had great success with shrewsoft Has worked for me with a few different VPN vendors and it's available in 32 and 64 bit for a bunch of platforms. Works better for me than the CISCO client.