Microsoft says don't use PPTP and MS-CHAP
Microsoft is warning of a serious security issue in MS-CHAP v2, an authentication protocol that is mainly used in Microsoft's Point-to-Point Tunneling Protocol (PPTP) VPN technology. Three weeks ago at the DEF CON 20 conference, encryption expert Moxie Marlinspike presented the CloudCracker web service, which recovers the credentials behind any captured PPTP log-in within 24 hours for $200.
The basic problem has been known for many years: MS-CHAP v2 computes its response with a strangely convoluted combination of three DES operations. The 16-byte NT hash of the password is zero-padded to 21 bytes and cut into three 7-byte DES keys, each of which encrypts the same 8-byte challenge value. The third key contains only two bytes of the hash and is found instantly, and because the first two keys encrypt the same plaintext, both can be recovered in a single exhaustive search over all 2^56 possible DES keys. That search always succeeds, no matter how complex the password is. A specially built FPGA cluster can finish it in less than a day.
Once a PPTP log-in has been recorded with a network sniffer, the chapcrack open source tool extracts the challenge and response into a token, and CloudCracker returns the NT hash for $200. Since the MPPE session keys are derived from that hash, it decrypts all of the captured VPN traffic and is also sufficient to log in to the VPN without ever learning the cleartext password. The same applies to corporate WPA2-Enterprise Wi-Fi networks that authenticate users with MS-CHAPv2: a rogue access point running FreeRADIUS-WPE impersonates the RADIUS server, clients that do not verify the server certificate complete the MS-CHAPv2 challenge-and-response exchange with it, and the captured exchange is fed to chapcrack as before.
Two basic strategies can provide more security: either the MS-CHAP authentication traffic is given its own, separately encrypted tunnel, for which Microsoft recommends the Protected Extensible Authentication Protocol (PEAP), or the system is migrated to a secure VPN technology. PEAP only helps if clients are configured to verify the authentication server's certificate; a client that accepts any certificate will still complete the MS-CHAPv2 exchange with an impersonating server such as FreeRADIUS-WPE. Microsoft's suggested alternatives include L2TP/IPsec, IPsec with IKEv2 and SSTP. The OpenVPN open source protocol is not listed in the recommendation.