Fast-Forward: The Ghost of VPN Past


The following is a guest post by Chris Markman, Academic Technology Specialist at Clark University, where he presses the "fast-forward button" on Hacker Conference videos to give you a summary of the talk in a condensed format, with direct links to resources mentioned in the talk. New posts are available each month in the Security Matters blog column.

Those of you following the EDUCAUSE Campus Security Awareness Campaign know that June focuses on the benefits of using a virtual private network (VPN) to securely access resources and services. So what better way to celebrate secure computing than taking a trip down memory lane to revisit Moxie Marlinspike (@moxie), David Hulton (@0x31337), and Marsh Ray's (@marshray) DEF CON 20 presentation from 2012, "Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2"? This is a short talk, less than 30 minutes long, and even if crypto isn't your thing, it is still worth watching for historical context and some security lessons that were learned the hard way. The description from YouTube provides a brief overview:

MS-CHAPv2 is an authentication and key negotiation protocol that, while old and battered, is still unfortunately deployed quite widely. It underpins almost all PPTP VPN services and is relied upon by many WPA2 Enterprise wireless deployments. We will release tools that definitively break the protocol, allowing anyone to affordably decrypt any PPTP VPN traffic or CHAPv2-based WPA2 handshake with a 100% success rate.

If this is the first you've heard of MS-CHAPv2, that's a good thing! It means security researchers were successful in showing how vulnerable the protocol was over 10 years ago, and/or your organization does not use it for VPN. If you are familiar with MS-CHAPv2, hopefully this talk will prompt you to realize Wireshark and Asleap are just a quick search away for most Internet users.

Long story short, the major issue with MS-CHAPv2 is that the protocol is only as secure as the strength of the password used and in many cases is trivial to crack. You'll need to jump to 5:41 to get an overview of how the protocol actually works, but before you do, here is a link to the academic paper "Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)" published by Bruce Schneier (@schneierblog) and Mudge (@dotMudge) in 1999, which is cited as inspiration for the talk in the first three minutes and could have been its own presentation. The paper goes into much greater detail than this talk, but of course it is not nearly as easy to absorb playing in a background browser window. In contrast, the majority of this DEF CON talk is geared more toward how to break MS-CHAPv2, not why it's broken.

To put the issue in more concrete terms, skip ahead to the long list of VPN providers at 3:53 that were using MS-CHAPv2 as of a few years ago, and some commentary from Moxie about why that was the case. What is described is essentially an IT security bandwagon fallacy — just because something is supported by a lot of vendors or widely used in the industry, does not mean it's the best option. More importantly, as we dig deeper into the protocol itself you "get the feeling the [Microsoft] designers didn't think [it] would be public one day," as Moxie says early on.

At 14:51 David Hulton gets on stage and starts talking about brute forcing keys and a brief history of the Data Encryption Standard (DES) as a network cipher. Following this, from a historical perspective, there are even more interesting things to see and hear about, like the Electronic Frontier Foundation's DES Cracker (nicknamed "Deep Crack") from 1998 at the 17:02 mark, followed by some clever uses for JTAG in hardware hacking and an introduction to the now-defunct cloudcracker.com web service.
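To see why a talk about a password-based VPN protocol ends up discussing DES cracking hardware, here is an added example (not code from the talk or from this post) that follows the MS-CHAPv2 key derivation as specified in RFC 2759: the NT hash of the password is zero-padded to 21 bytes and split into the three 7-byte DES keys that encrypt the challenge. It carries its own MD4 because hashlib's MD4 is disabled on many modern OpenSSL builds; the sample password "password" is a constructed input with a well-known NT hash.

```python
import struct

MASK = 0xFFFFFFFF

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320): three rounds of 16 steps over 64-byte blocks."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & MASK
    # Pad to 56 mod 64 bytes, then append the bit length as a little-endian 64-bit word.
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(48):
            if i < 16:    # round 1: F, message words in order
                f, k, s, t = F, i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:  # round 2: G, words taken column-wise
                f, k, s, t = G, (i % 4) * 4 + (i - 16) // 4, (3, 5, 9, 13)[i % 4], 0x5A827999
            else:         # round 3: H, bit-reversed word order
                f, k, s, t = H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            # Rotate the four state words so every step writes into "a".
            a, d, c, b = d, c, b, rotl((a + f(b, c, d) + X[k] + t) & MASK, s)
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)

def nt_hash(password: str) -> bytes:
    """NT hash as used by MS-CHAPv2 (RFC 2759): MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))

def mschapv2_des_keys(password: str) -> list:
    """Zero-pad the 16-byte NT hash to 21 bytes and split it into the three 7-byte DES keys
    that each encrypt the 8-byte challenge to form the 24-byte ChallengeResponse."""
    padded = nt_hash(password) + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]

def unknown_key_bits(hash_len: int = 16, key_len: int = 7, n_keys: int = 3) -> list:
    """Bits of each DES key that actually come from the NT hash; the rest is known zero padding.
    Returns [56, 56, 16]: two full 56-bit DES keys and a third key with only 16 unknown bits."""
    return [8 * max(0, min(key_len, hash_len - i * key_len)) for i in range(n_keys)]
```

The third key's 16 unknown bits are why the two remaining 56-bit DES keys, not the password itself, set the real cost of recovering the NT hash from a captured handshake, and why Hulton's segment is about DES hardware rather than dictionaries.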

As a final side note, if you do nothing else as a result of this blog post, I highly recommend reading the Wikipedia entry for DEF CON and in particular, the notable incidents section for the year of this presentation — so many things have happened in information security since 2012; it's pretty amazing. Take a moment to reflect on this: are our computer systems more or less secure today in 2016? Are we repeating the same mistakes of "VPN past" and MS-CHAPv2, or has the industry changed for the better?


Chris Markman has been blogging about technology since 2008, first as a volunteer for the Participatory Culture Foundation and later as an MSLIS student at Simmons College and MSIT student at Clark University. Prior to joining the Academic Technology Services team at Clark University in 2014, he managed a film and music library in the Visual and Performing Arts department. Markman is a member of the New England Archivists professional group and several artist collectives in the city of Worcester, Massachusetts.

© 2016 Christopher Markman. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.