7 comments

[ 0.28 ms ] story [ 26.5 ms ] thread
It shows that obfuscation is only good encryption when nobody is actually looking for your data.
I should really try and figure out if some of the Bitcoin mining FPGAs on the market can be used for this...
I missed this the first time around, is there a paper in addition to the blog post? I am wondering if I misunderstand common implementations of PWA 2 enterprise. I was under the impression that mschapv2 was only used inside the server (or mutual) authenticated tls with schemes like peap. Does the chap response actually travel in the clear after tls is used to authenticate the AAA box?
It's sent in the clear in PPTP and RADIUS. I haven't looked at WPA2 personally, but my understanding is that it is in deployments without properly-authenticated certificates.
Yea, the best solution would be a MS-CHAPv3 with the fix from NTLMv2, but...
This is sort of changing the subject a bit and for that I apologise. What do you guys think of MS "DirectAccess" that appeared in Windows 7?

One might call it their follow-up to the basic PPTP VPN. It is marketed to corporate customers.

It's IPv6 inside IPv4 and it seems to require a MS server to work. Whether that server is a forwarding gateway I do not know. Beyond that I haven't really dug into it. And I haven't seen it discussed much.