Defcon day 3 started with one of the most awaited talks of Defcon 20: “Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2” by Moxie Marlinspike, David Hulton and Marsh Ray. Moxie Marlinspike has been one of the most popular speakers at Defcon for the past few years and, as expected, the hall was full of people.
Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2
This talk was mainly about pointing out the vulnerabilities in the MS-CHAP v2 protocol. The speaker explained how previous research had shown that the security of the protocol rests on the user's password. PPTP and WPA2 Enterprise (which is used by the Defcon Wi-Fi network) both depend on MS-CHAP v2. He then pointed out that many VPN providers support PPTP, giving the specific example of Ipredator, which only supports PPTP.

He then gave a quick explanation of the MS-CHAP v2 handshake and showed that every parameter in the handshake except the MD4 hash of the password can be obtained, because it is either known or sent in plaintext. Using some advanced mathematical logic, he then explained how the complexity of recovering that hash is that of a single DES encryption, which is 2 to the power of 56. So the only thing left to do is to brute-force the challenge response.

Moxie then handed over to David Hulton, who explained how, by using an FPGA in a machine with a number of cores, it is possible to decrypt the challenge response in less than 24 hours. He then handed back to Moxie, who talked about a new tool called “Chapcrack” that they will be releasing, which is capable of parsing packets and extracting all the information about the MS-CHAP v2 handshake, the username, etc. He then explained that the ability to crack hashes this fast is not available to the general public. Finally, he announced an additional feature on his website Cloud Cracker to crack MS-CHAP v2 responses. The user can enter an email address on the website and get the result within 1 day.
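The key-space argument above, worked through as an added example (not code from the talk or from Chapcrack). It follows the MS-CHAPv2 response construction in RFC 2759, where the 16-byte MD4 hash is zero-padded to 21 bytes and cut into three DES keys that all encrypt the same 8-byte challenge hash. The challenges, username and hash bytes are constructed sample values, and the function names are this example's own.

```python
import hashlib

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: the 8-byte DES plaintext. Every input is
    visible to anyone who can observe the handshake."""
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def split_nt_hash(nt_hash):
    """Zero-pad the 16-byte MD4 password hash to 21 bytes, cut 3 x 7-byte DES keys."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[i:i + 7] for i in range(0, 21, 7)]

def unknown_key_bits():
    """Secret bits per DES key: only bytes taken from the hash are unknown."""
    return [8 * (min(16, 7 * (i + 1)) - 7 * i) for i in range(3)]

def search_cost():
    """DES trials needed in the worst case to recover the full hash.
    Keys 1 and 2 encrypt the same plaintext, so each candidate 56-bit key is
    encrypted once and compared with both ciphertext blocks; key 3 has only
    2 unknown bytes."""
    k1, k2, k3 = unknown_key_bits()
    return 2 ** max(k1, k2) + 2 ** k3

if __name__ == "__main__":
    # Constructed sample values, not taken from any real capture.
    peer = bytes(range(16))
    auth = bytes(range(16, 32))
    nt_hash = bytes.fromhex("00112233445566778899aabbccddeeff")
    print("DES plaintext :", challenge_hash(peer, auth, "alice").hex())
    for n, key in enumerate(split_nt_hash(nt_hash), 1):
        print(f"DES key {n}     : {key.hex()}")
    print("unknown bits  :", unknown_key_bits())
    print("worst case    : 2^56 + 2^16 =", search_cost())
    print("whole hash    : 2^128 =", 2 ** 128)
```

The cost is counted over hash bytes, so it stays the same however long or complex the user's password is.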
A pic from the panel discussion “Meet the Fed Panel Two”
A pic from “Q & A with the Men (and Women) in Black”
A pic from “Bigger Monster, Weaker Chains: The NSA and the Constitution”
If you are at Defcon, you may not want to miss out on the Defcon nightlife. There are a lot of parties held every day; some of them are private and need invitations, while others are open to all Defcon attendees. I went to the Infected Mushroom party on Saturday night. Here is a pic from the party.
And here is a video from the Infected Mushroom party.