PPTP Secure?

Zeller, Tom S zeller at INDIANA.EDU
Wed Aug 30 17:36:09 EDT 2000


PPTP using MS-Chap V2 has some security weaknesses, but it would take a
fairly advanced user to crack the encrypted stream.  the weakness stems from
the fact that ms-chap v2 uses the user's password as the encryption key,
which of course is infinitely more crackable than a 40-digit random number.
you can read details on pptp in general at

http://www.win2000mag.com/Articles/Index.cfm?ArticleID=5188&pg=2

and for MS-Chap in particular, v1 versus v2:

http://www.counterpane.com/pptpv2-paper.html

Tom Zeller
Telecommunications Division
Indiana University
Bloomington, IN
zeller at indiana.edu

-----Original Message-----
From: Sandy Harris [mailto:sandy at STORM.CA]
Sent: Wednesday, August 30, 2000 1:10 PM
To: VPN at SECURITYFOCUS.COM
Subject: Re: PPTP Secure?


Patrick Bryan wrote:
>
> Can someone tell me, for day to day business use, is M$'s PPTP v2.0
> implementation secure?

No.
http://www.counterpane.com/pptp.html

VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list