I missed this the first time around, is there a paper in addition to the blog post? I am wondering if I misunderstand common implementations of PWA 2 enterprise. I was under the impression that mschapv2 was only used inside the server (or mutual) authenticated tls with schemes like peap. Does the chap response actually travel in the clear after tls is used to authenticate the AAA box?
It's sent in the clear in PPTP and RADIUS. I haven't looked at WPA2 personally, but my understanding is that it is in deployments without properly-authenticated certificates.
This is sort of changing the subject a bit and for that I apologise. What do you guys think of MS "DirectAccess" that appeared in Windows 7?
One might call it their follow-up to the basic PPTP VPN. It is marketed to corporate customers.
It's IPv6 inside IPv4 and it seems to require a MS server to work. Whether that server is a forwarding gateway I do not know. Beyond that I haven't really dug into it. And I haven't seen it discussed much.
7 comments
[ 0.28 ms ] story [ 26.5 ms ] threadhttp://people.ece.cornell.edu/land/courses/ece5760/FinalProj...
Someone created a small hardware device to brute-force DES. There's lots of good info about LM and NTLM encryption.
One might call it their follow-up to the basic PPTP VPN. It is marketed to corporate customers.
It's IPv6 inside IPv4 and it seems to require a MS server to work. Whether that server is a forwarding gateway I do not know. Beyond that I haven't really dug into it. And I haven't seen it discussed much.