Moxie Marlinspike, the security and privacy researcher known for his SSLStrip, Convergence and RedPhone tools, has released a new tool that can crack passwords used for some VPNs and wireless networks that rely on encryption using Microsoft’s MS-CHAPv2 protocol. Marlinspike discussed the tool during a talk at DEF CON over the weekend, and it is available for download.
ChapCrack is designed to enable users to crack passwords that are used to help secure PPTP connections. PPTP (point-to-point tunneling protocol) is one of the protocols used for securing remote connections. The MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2) is the algorithm used to do the secure negotiation for some PPTP implementations.
“Separate cryptographic keys are generated for transmitted and received data. The cryptographic keys are based on the user’s password and the arbitrary challenge string. Each time the user connects with the same password, a different cryptographic key is used,” Microsoft says in the documentation for the protocol.
Marlinspike’s ChapCrack tool has the ability to take packet captures that include an MS-CHAPv2 network handshake–the back-and-forth negotiation that sets up the secure connection between machines–and remove the relevant credentials from the capture. The user can then submit the encrypted credentials to CloudCracker and will eventually receive in return an encrypted packet that he can insert into ChapCrack again. The tool then will crack the password.
The ChapCrack tool relies on the computing power of a system built by Pico Computing, a specialized manufacturer of hardware for applications such as cryptography that require large amounts of dedicated processing power. David Hulton of Pico Computing presented the ChapCrack tool at DEF CON with Marlinspike.
“They were able to build an FPGA box that implemented DES as a real pipeline, with one DES operation for each clock cycle. With 40 cores at 450mhz, that’s 18 billion keys/second. With 48 FPGAs, the Pico Computing DES cracking box gives us a worst case of ~23 hours for cracking a DES key, and an average case of about half a day,” Marlinspike said in a blog post on the attack and tools.
“With Pico Computing’s DES cracking machine in hand, we can now crack any MS-CHAPv2 handshake in less than a day. “
Here’s how the ChapCrack documentation describes the process:
1) Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
2) Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
3) Submit the CloudCracker token to www.cloudcracker.com
4) Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )
ChapCrack has the ability to search the entire DES keyspace in order to crack the captured password. DES is an old encryption standard that was replaced several years ago by AES. However, DES is still in use in some places, and the fact that Marlinspike was able to design a system that can tear through all of the DES keyspace in a reasonable amount of time shows again the serious problems with the algorithm.
Although MS-CHAPv2 is an older protocol and has had known security weaknesses for more than a decade, Marlinspike said in his post that he and Hulton chose to go after it because it is still used in a lot of enterprise wireless networks that use WPA2 and in numerous VPNs. Hulton and Marlinspike say that, as a result of their findings, enterprises would be smart to start migrating their implementations now.
“All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted,” Marlinspike wrote. “Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.”
This article was update on July 30 to add more context about the hardware involved in the crack and Pico Computing’s involvement.