I am looking at connecting in a reasonably secured way mobiles to an enterprise WiFi network. The current solutions would be user certificates on the mobiles (they are unfortunately exportable) or PEAP-MS-CHAP-v2.

PEAP-MS-CHAP-v2 is vulnerable to offline bruteforce attacks, I am therefore trying to estimate the required entropy of passwords in three scenarios:

  • pure bruteforce attack
  • psychologically-clever bruteforce (which assumes as a start that people will probably use a capital letter at the beginning and end up with a digit - if these two are enforced)
  • reasonable dictionary attacks (of the form "if there is a 20 chars passphrase, it will likely be made up of 4 or 5 words")

All this coupled with current average CPU/GPU capabilities when performing the attack.

Has anyone seen a realistic estimation of the required complexity? I use the word realistic because this is an enterprise network so 20 characters with 3 digits, two capitals and 3 symbols will not be cheered with joy (people need to work, in addition to entering their passwords :))

There are many places which compute raw estimates, usually for generic bruteforce. Have you seen anything which takes into account some of the aspects above?

Thanks!

WoJ

1 Answer

MS-CHAPv2 is now completely broken (see https://github.com/moxie0/chapcrack).

The complexity of recovering the NTLM hash can be reduced to that of brute-force cracking a DES encryption key, which means that the complexity of the password is now irrelevant (as long as you are only interested in the NTLM hash and not the password itself - and in most cases, you would be; the hash is everything that is needed to authenticate with MS-CHAPv2, recover derived MPPE session keys etc).

tl;dr: Cracking a recorded MS-CHAPv2 challenge/response pair is now absolutely feasible. If security is of any concern to you, use something else.

lxgr
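The reduction the answer describes can be seen directly in the MS-CHAPv2 response construction. Below is an added Go illustration (not part of the original post and not chapcrack's code) of RFC 2759's ChallengeResponse() step, with a check that the third 8-byte block depends on only two bytes of the NT hash; the hash and challenge values are constructed samples, and the NT-hash (MD4) step is assumed to have happened already.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// expand56 spreads a 7-byte key over the 8-byte form crypto/des expects, one
// 7-bit chunk per byte; the low parity bit stays zero and DES ignores it.
func expand56(k []byte) []byte {
	var bits uint64
	for _, b := range k { bits = bits<<8 | uint64(b) }
	out := make([]byte, 8)
	for i := range out { out[i] = byte((bits >> (uint(7-i) * 7)) << 1) }
	return out
}

// ChallengeResponse is RFC 2759 ChallengeResponse(): the 16-byte NT hash is
// zero-padded to 21 bytes and cut into three 7-byte DES keys, each of which
// encrypts the same 8-byte challenge. Only two bytes of the third key come from
// the hash; nothing depends on the password's length, only on its 16-byte hash.
func ChallengeResponse(ntHash [16]byte, chal [8]byte) [24]byte {
	var padded [21]byte
	copy(padded[:], ntHash[:])
	var resp [24]byte
	for i := 0; i < 3; i++ {
		c, _ := des.NewCipher(expand56(padded[i*7 : (i+1)*7])) // 8-byte key, no error
		c.Encrypt(resp[i*8:(i+1)*8], chal[:])
	}
	return resp
}

// ThirdBlockFixedByLastTwoBytes: two hashes that agree only in bytes 14..15
// give identical third blocks, so just 16 bits are unknown there, while blocks
// 1 and 2 are DES encryptions of one known plaintext under 56-bit keys.
func ThirdBlockFixedByLastTwoBytes(chal [8]byte) bool {
	var a, b [16]byte // constructed sample hashes, not from real passwords
	for i := range a { a[i], b[i] = byte(i), byte(0xF0-i) }
	b[14], b[15] = a[14], a[15]
	ra, rb := ChallengeResponse(a, chal), ChallengeResponse(b, chal)
	return bytes.Equal(ra[16:], rb[16:]) && !bytes.Equal(ra[:16], rb[:16])
}

func main() {
	chal := [8]byte{1, 2, 3, 4, 5, 6, 7, 8} // constructed sample challenge hash
	fmt.Println("third block fixed by two hash bytes:", ThirdBlockFixedByLastTwoBytes(chal))
}
```

This is why the answer treats password entropy as irrelevant: whatever the password, the defender's secret on the wire is one 56-bit DES keyspace plus 16 bits, so the fix is a different EAP method rather than a longer password.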