The main thesis of the conference presentation is the vulnerabilities of the 802.1X 2010 authentication protocol and the importance of using secure EAP methods.
- The rogue gateway attack can bypass 802.1X 2010 authentication by attacking the authentication process itself.
- The updated and improved existing edited out techniques have been packaged into an easy-to-use tool called Silent Bridge.
- The EAPmd5 force real dedication attack makes attacking a PMD 5 easier and faster.
- The benefits provided by 802.1X can be undermined by continued use of VAP as an authentication mechanism.
- The lack of support for 802.1X 2010 and low adoption for strong AP methods undermines the support by peripheral devices.
- The EAP method used is crucial for the security of the authentication process.
- The MSChapE2 challenge and response is vulnerable to cryptographic weakness and can be cracked within 24 hours.
- The cost of cracking the MSChapE2 challenge and response has decreased over time.
- The security of EAP is only as strong as the EAP method used.
In 2012, Moxie Marlinspike and David Holton demonstrated that the MSChapE2 challenge and response can be converted to NTLMv1, which can be reduced to a single 56-bit DES encryption that can be cracked within 24 hours with a $100,000 FPGA-based cracking rig. Today, the cost of building such a rig has decreased to $10,000-$20,000, making it more accessible to criminal enterprises.