Moxie Marlinspike and David Hulton's Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate presentation from Defcon is now a reality. If you want to crack a MS-CHAPv2 PPTP authentication handshake (like the one I use when I connect to IPREDator, the secure proxy I favor), they'll exhaust all of the DES keyspace for you for a mere $20, usually in less than a day.
Basically, MS-CHAPv2-based VPNs should now be considered insecure and not fit for purpose. Plus Moxie and David can brute force all of DES for $20. Yowza.
A Week Of Discounted Cracking
For this week (9/23/2012), we will be offering deeply discounted MS-CHAPv2 cracking jobs by reducing the price from $200 to $20. This means that any PPTP VPN connection or intercepted MS-CHAPv2 WPA Enterprise wireless credentials can be cracked and decrypted with a 100% success rate for only $20.
The one major caveat is that an influx of additional jobs might increase the pending queue depth and cause MS-CHAPv2 jobs to take slightly longer than ususal, but we'll see how it goes.
(via Hacker News)