|reply to Drum |
FYI, From the PIA website, they use 128bit encryption based on Microsoft MS-CHAP v2 (2004 - Win NT era security).
Do a google search on "Microsoft MS-CHAP v2 security" and you will eventually find this article which shows that it can be defeated within 24hrs. »www.cloudcracker.com/blog/2012/0···chap-v2/
What do you win?
At this point, you can plug the cracked MD4 hash CloudCracker gives you back into chapcrack, and it will decrypt the entire network capture (and all future captures for that user). Alternately, you can also use it to login to the user's VPN service or WPA2 Enterprise radius server.
We hope that by making this service available, we can effectively end the use of MS-CHAPv2 on the internet once and for all. And as always, submitting MS-CHAPv2 jobs to CloudCracker is available through the standard web interface as well as the API.