Presented at
DEF CON 20 (2012),
July 28, 2012, 10 a.m.
(50 minutes).
MS-CHAPv2 is an authentication and key negotiation protocol that, while old and battered, is still unfortunately deployed quite widely. It underpins almost all PPTP VPN services, and is relied upon by many WPA2 Enterprise wireless deployments. We will release tools that definitively break the protocol, allowing anyone to affordably decrypt any PPTP VPN traffic or CHAPv2-based WPA2 handshake with a 100% success rate.
Presenters:
-
David Hulton / h1kari
as David Hulton
-
Marsh Ray
-
Moxie Marlinspike
Moxie Marlinspike was the CTO and co-founder of Whisper Systems, is a member of the Institute For Disruptive Studies, runs a cloud-based password cracking service, is the original developer of sslstrip and sslsniff, manages the GoogleSharing targeted anonymity service, is the creator of the Convergence SSL authenticity system, and is the co-creator of the TACK certificate pinning protocol. His tools have been featured in many publications, including CNN, Forbes, The Wall Street Journal, and The New York Times. He is also the author of the sailing film "Hold Fast."
Links:
Similar Presentations: