MS-CHAPv2 is based on the eminently crackable encryption algorithm DES. The problem was first documented in 1999 by Bruce Schneier working with two other researchers. A large number of processor cores is still required to crack the encryption within a reasonable time – the number of possible keys makes a brute-force attack on a normal PC a hopeless task.
With the help of a company called Picocomputing, Marlinspike has developed a processing server which is able to test 18 billion keys per second – a feat which would normally require 80,000 CPUs. The server is equipped with 48 programmable processing units known as field programmable gate arrays (FPGAs). Each FPGA is programmed to provide 40 parallel processing units, each with a clock speed of 450 MHz, for cracking DES. Users who want to take advantage of the service will first have to extract the client-server handshake from a capture of the network traffic. Marlinspike has developed an open source tool called chapcrack for this purpose.
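Working through the quoted figures as an added estimate (not part of the original article): assuming each core tests one DES key per clock cycle and, as in Marlinspike's published analysis, that recovering the MS-CHAPv2 credential reduces to a single exhaustive search of the 56-bit DES key space, the search rate and the time to exhaust the key space are

$$
r_{\text{FPGA}} = 40 \times 450\times10^{6}\ \text{s}^{-1} = 1.8\times10^{10}\ \text{keys/s},\qquad
r_{\text{server}} = 48 \times r_{\text{FPGA}} = 8.64\times10^{11}\ \text{keys/s}
$$

$$
|K_{\text{DES}}| = 2^{56} \approx 7.2\times10^{16},\qquad
t_{\max} = \frac{2^{56}}{r_{\text{server}}} \approx 8.3\times10^{4}\ \text{s} \approx 23\ \text{h},\qquad
\bar{t} = \tfrac{1}{2}\,t_{\max} \approx 12\ \text{h}
$$

Under that assumption the quoted 18 billion keys per second is the rate of a single FPGA, and the full 48-FPGA server exhausts every DES key in about a day (half that on average), which is the capability the article is warning about.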
Despite its long-known weaknesses, MS-CHAPv2 is still widely used, especially in company environments, as the authentication protocol is supported out of the box by many operating systems. A PPTP/MS-CHAPv2 combination is also in widespread use on smartphones.
In view of the fact that a highly specialized cracking server is now available to anyone who cares to use it, serious consideration should be given to whether this authentication protocol should continue to be used. Attackers can now access company networks for a mere $200.