Archive for July 30th, 2012
Chapcrack and CloudCracker
Some of the biggest news that came out of DEFCON 20 was coverage of Moxie Marlinspike’s latest evisceration of MS-CHAPv2. There are papers dating back to 1999 describing weaknesses in MS-CHAPv2, Microsoft’s “updated” version of their original challenge/response system for authentication. The scheme’s weakness described briefly: a Server sends a Client a 16 byte challenge, […]
Posted: July 30th, 2012 under Cloud, Encryption, Uncategorized, Vulnerability.
Comments: none