PPTP & Wireless WPA2-Enterprise Not Secure

Tools released at Defcon by security researcher Moxie Marlinspike can crack widely used PPTP encryption in under a day using CloudCracker. Moxie Marlinspike and a few other researchers developed software to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) or WPA2-Enterprise (Wi-Fi Protected Access) session that uses MS-CHAPv2 for authentication.

Before we go any further, let's look more closely at these protocols.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets. The PPTP specification does not describe encryption or authentication features; it relies on the Point-to-Point Protocol being tunneled to implement security functionality. PPTP is widely used in Microsoft Windows products, which implement various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide levels of security and remote access similar to those of typical VPN products.

Wi-Fi Protected Access II (WPA2) is a security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless computer networks. WPA2 became available in 2004 and is common shorthand for the full IEEE 802.11i (IEEE 802.11i-2004) standard. WPA2 has two encryption methods, one called Advanced Encryption Standard (AES) and one called Temporal Key Integrity Protocol (TKIP); both allow for stronger encryption. The WPA2 protocol creates a new encryption key for each session. WPA2 also includes Pairwise Master Key caching, which allows faster connections when a client returns to a wireless access point to which it has already authenticated. WPA2 supports two different authentication mechanisms: one using standard RADIUS servers and the other using a Pre-Shared Key (PSK), similar to how WEP works.

MS-CHAPv2 is the Microsoft version of the Challenge-Handshake Authentication Protocol (CHAP). MS-CHAP is used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks. MS-CHAPv2 is also used as an authentication option with RADIUS servers, which are used for Wi-Fi security with the WPA-Enterprise protocol. It is further used as the main authentication option of the Protected Extensible Authentication Protocol (PEAP). MS-CHAPv2 provides two-way authentication and multiple cryptographic keys to secure transmitted and received data.

Marlinspike’s advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.
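A first step in acting on this advice is finding the client configurations that still depend on MS-CHAPv2. The following is an added example, not part of the original article: it scans a wpa_supplicant configuration and a pppd peers file for MS-CHAPv2 or PPTP use. The function names are hypothetical, and the sample files, SSIDs and host name are constructed.

```python
import re

NETWORK_BLOCK = re.compile(r'network\s*=\s*\{(.*?)\n\s*\}', re.S)
SSID = re.compile(r'^\s*ssid\s*=\s*"([^"]*)"', re.M)
# Inner method set as phase2="auth=MSCHAPV2" (PEAP) or "autheap=MSCHAPV2" (TTLS)
PHASE2_MSCHAPV2 = re.compile(r'phase2\s*=\s*"[^"]*\bauth(?:eap)?=MSCHAPV2\b', re.I)

def strip_comments(text):
    """Drop whole-line '#' comments so disabled settings are not reported."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def audit_wpa_supplicant(text):
    """Return the SSIDs of network blocks that authenticate with MS-CHAPv2."""
    hits = []
    for block in NETWORK_BLOCK.findall(strip_comments(text)):
        if PHASE2_MSCHAPV2.search(block):
            ssid = SSID.search(block)
            hits.append(ssid.group(1) if ssid else "<no ssid>")
    return hits

def audit_pppd(text):
    """Return pppd option lines that select PPTP or require MS-CHAPv2."""
    hits = []
    for line in strip_comments(text).splitlines():
        words = line.split()
        if words and (words[0] == "require-mschap-v2"
                      or (words[0] in ("pty", "plugin") and "pptp" in line.lower())):
            hits.append(line.strip())
    return hits

# Constructed sample inputs (not taken from any real system)
WPA_SAMPLE = '''network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    # phase2="auth=MSCHAPV2"
}'''
PPP_SAMPLE = '''pty "pptp vpn.example.com --nolaunchpppd"
name alice
require-mschap-v2'''

if __name__ == "__main__":
    print("wpa_supplicant networks using MS-CHAPv2:", audit_wpa_supplicant(WPA_SAMPLE))
    print("pppd options using PPTP/MS-CHAPv2:", audit_pppd(PPP_SAMPLE))
```

The second network block is not reported because its MS-CHAPv2 line is commented out and it uses EAP-TLS.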

This is the video of Marlinspike’s presentation.
