CSO reports that new tool released at Defcon can crack PPTP or WPA2 in under a day
ChapCrack can take captured network traffic that contains a MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake’s security to a single DES (Data Encryption Standard) key.
This DES key can then be submitted to CloudCracker.com — a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing — where it will be decrypted in under a day.
SecureRouter.org recommends using OpenVPN instead of PPTP for just this reason.
This new tool would also bring into contention our claim that WPA2 is acceptable for WiFi security. We still stand by this claim in that WPA2 is still acceptable in most situations since an intruder would need physical access to intercept your traffic. However if you live in an apartment building, for example, this condition can easily be met and the use of an OpenVPN connection from your computer to your router would be appropriate.