Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
MS-CHAPv2 cracks for WPA2-Enterprise?
I'm hoping that people with crypto-clue can comment on the the recently introduced ChapCrack tool with respect to 802.1x WPA2- Enterprise wifi using PEAP/MS-CHAPv2. So far all I've found is "magazine level" references, e.g.: http://news.cnet.com/8301-1009_3-57481855-83/tools-boast-easy-cracking-o... The vulnerabilities seem to be with MS-CHAPv2 on Microsoft's PPTP VPNs, but the articles also mention WPA2-Enterprise wireless. Do these tools work against PEAP/MS-CHAPv2 as well as against PPTP implementations? (That is, I don't really know how PEAP is similar/ dissimilar to PPTP.) As it happens, until very recently we were using TTLS/PAP for our 802.1x authentication, but it is a pain for users to initially connect: On Windows, they have to install the SecureW2 supplicant, and Mac/iPhone/iEtc devices need to install a custom wireless config file (or, on older Macs, specify the 802.1x configuration manually). We've just added support for PEAP/MS-CHAP, which is much easier for users in that it pretty much "just works": you enter your username and password, and accept our RADIUS server's certificate, and you are on. It would be a drag if we just swapped to a much more vulnerable protocol. Thanks for any clarifications you can offer. Steve Bohrer Network Admin Bard College at Simon's Rock 413-528-7645 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.