Moxie Marlinspike who specialises in cryptology has released tools at the recent DEF CON 20 hacking conference that can crack WPA2 and the VPN passwords used by corporate networks. The tools target a weakness in Microsoft's MS-CHAPv2 protocol, which the widely used the Point to Point Tunnelling Protocol (PPTP) uses for authentication purposes.
One of Moxie's programs, 'ChapCrack' targets MS-CHAPv2 handshakes and Secure Socket Layer (SSL) communications to generate a key that can be fed to another program dubbed 'CloudCracker' which runs on super computer utilising customised hardware.
In less than a day CloudCracker generates another key which can then be fed back into ChapCrack enabling ChapCrack to break the Data Encryption Standard (DES) codes.
All traffic across the compromised WiFi network is then visible to the hackers including passwords, emails and other confidential information.
PPTP has until now remained popular due to its backwards compatibility with Windows XP systems. Perhaps now this will change.
Computer World also reports on this here.
