understanding

Phil Mayers p.mayers at imperial.ac.uk
Fri Mar 30 12:03:16 CEST 2012


On 30/03/12 10:38, Fajar A. Nugraha wrote:

>> How easy is it to crack
>> such a password?  An authentication wouldn't have happened but the
>> attacker would have had the encrypted usernames and passwords.
>
> They won't.

Not immediately. But MSCHAP is a complex (and old) algorithm, and it is 
possible to perform a known-ciphertext attack. See e.g.

http://code.google.com/p/mschapv2acc/

I'd wager this attack could be improved a lot by capturing multiple 
chal/resp pairs and doing clever stuff with them, but my crypto maths 
are very rusty by this point.

The takeaway is that you should not be doing MSCHAP over an insecure 
channel, IMO.

