Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2

DEF CON 20

Presented by: Moxie Marlinspike
Date: Saturday July 28, 2012
Time: 10:00 - 10:50
Location: Track 5 / Penn & Teller

MS-CHAPv2 is an authentication and key negotiation protocol that, while old and battered, is still unfortunately deployed quite widely. It underpins almost all PPTP VPN services, and is relied upon by many WPA2 Enterprise wireless deployments. We will release tools that definitively break the protocol, allowing anyone to affordably decrypt any PPTP VPN traffic or CHAPv2-based WPA2 handshake with a 100% success rate.

Moxie Marlinspike

Moxie Marlinspike was the CTO and co-founder of Whisper Systems, is a member of the Institute For Disruptive Studies, runs a cloud-based password cracking service, is the original developer of sslstrip and sslsniff, manages the GoogleSharing targeted anonymity service, is the creator of the Convergence SSL authenticity system, and is the co-creator of the TACK certificate pinning protocol. His tools have been featured in many publications, including CNN, Forbes, The Wall Street Journal, and The New York Times. He is also the author of the sailing film "Hold Fast."


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats