

Cheaper MS-CHAPv2 Cracking - moxie
https://www.cloudcracker.com/blog/2012/09/24/chap-v2-discounted/

======
garbaaj
This is sort of changing the subject a bit and for that I apologise. What do
you guys think of MS "DirectAccess" that appeared in Windows 7?

One might call it their follow-up to the basic PPTP VPN. It is marketed to
corporate customers.

It's IPv6 inside IPv4 and it seems to require a MS server to work. Whether
that server is a forwarding gateway I do not know. Beyond that I haven't
really dug into it. And I haven't seen it discussed much.

------
stephengillie
When searching "DES keyspace" to learn about it, I came across this link,
which may be relevant to your interests:

http://people.ece.cornell.edu/land/courses/ece5760/FinalProjects/f2008/tt236/tt236/index.html

Someone created a small hardware device to brute-force DES. There's lots of
good info about LM and NTLM encryption.

------
trotsky
I missed this the first time around; is there a paper in addition to the blog
post? I am wondering if I misunderstand common implementations of WPA2
Enterprise. I was under the impression that MS-CHAPv2 was only used inside the
server (or mutual) authenticated TLS with schemes like PEAP. Does the CHAP
response actually travel in the clear after TLS is used to authenticate the
AAA box?

~~~
marshray
It's sent in the clear in PPTP and RADIUS. I haven't looked at WPA2
personally, but my understanding is that it is in deployments without
properly-authenticated certificates.

~~~
yuhong
Yea, the best solution would be a MS-CHAPv3 with the fix from NTLMv2, but...

------
makomk
I should really try and figure out if some of the Bitcoin mining FPGAs on the
market can be used for this...

------
Tipzntrix
It shows that obfuscation is only good encryption when nobody is actually
looking for your data.

