Many VPN service providers use PPTP to encrypt the connection between the server and the client, claiming that it is the most secure service out there. But tools released at Defcon suggest that this is no longer true.
Major VPN service providers, including "IPredator" by TPB, use the PPTP protocol to encrypt their connections. The Pirate Bay claims that IPredator is a tool to fight ISP tracking and is secure against any vulnerabilities.
MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.
ChapCrack can take captured network traffic that contains an MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.
This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.
The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with Wireshark or other similar network sniffing tools.
It is time to move to newer technology such as IPsec or OpenVPN, rather than relying on the old and crappy one. PPTP served well and did what it was meant for, but it is now old and vulnerable.
Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.
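
Before migrating, it helps to know where MS-CHAPv2 is still configured. The following is an added example, not part of the original article: it scans a pptpd/pppd options file and a wpa_supplicant configuration for settings that select MS-CHAPv2. The choice of those two file formats is an assumption, and the sample configurations are constructed.

```python
import re

# Constructed sample inputs; pppd and wpa_supplicant option syntax is assumed.
SAMPLE_PPTPD_OPTIONS = """\
# constructed pptpd options file
name pptpd
refuse-pap
require-mschap-v2
require-mppe-128
"""
SAMPLE_WPA_SUPPLICANT = """\
network={
    ssid="corp-wifi"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-wifi-tls"
    eap=TLS
}
"""
MSCHAPV2_PHASE2 = re.compile(r"\bauth(?:eap)?=MSCHAPV2\b", re.IGNORECASE)

def audit_pppd_options(text):
    """Return (line number, option) for active options requiring MS-CHAPv2."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out options are inactive
        if line.split()[0] == "require-mschap-v2":
            hits.append((lineno, line))
    return hits

def audit_wpa_supplicant(text):
    """Return SSIDs of network blocks whose phase2 method is MS-CHAPv2."""
    flagged = []
    for block in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.DOTALL):
        fields = {}
        for raw in block.splitlines():
            line = raw.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip().strip('"')
        if MSCHAPV2_PHASE2.search(fields.get("phase2", "")):
            flagged.append(fields.get("ssid", "<no ssid>"))
    return flagged

if __name__ == "__main__":
    print(audit_pppd_options(SAMPLE_PPTPD_OPTIONS), audit_wpa_supplicant(SAMPLE_WPA_SUPPLICANT))
```

Each hit marks a server or client profile to move to IPsec, OpenVPN, or a non-MS-CHAPv2 authentication method.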