PPTP Secure?

Brad Kemp kemp at INDUSRIVER.COM
Wed Aug 30 17:08:32 EDT 2000


Ptrick
It all depends upon your threat model.  If you are trying to protect data
from a well funded government agency,
the answer is no. PPTP V2 is vulnerable to offline password attacks, the
control channel is cleartext, there is no
forward secrecy, there is no packet integrity checks, it may allow for
version rollback attacks, and other flaws.
I do not know what your day to day business entails, therefore I cannot say
if it is secure enough for you.
Read the papers on the flaws in PPTP and decide if the level of protection
it provides is sufficient at
http://www.counterpane.com/pptp.html

Brad

At 09:00 AM 8/30/00 -0500, Patrick Bryan wrote:
>Can someone tell me, for day to day business use, is M$'s PPTP v2.0
>implementation secure?
>
>VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list