PPTP

Warning: The information on this page is outdated and may not be accurate anymore.

Point-To-Point Tunnelling Protocol. A common urban myth is that PPTP is insecure, due to weaknesses in its initial implementation and to the fact that it relies on the user password.

Most of the issues have been fixed in MS-CHAPv2 and MPPE, but IPSec vendors gloss over that as they try to sell you their latest (and often non-standard) solutions.

• Poptop with ppp-2.4.1 and kernel 2.4.18

• Exploiting known security holes in Microsoft’s PPTP Authentication Extensions (MS-CHAPv2) (PDF, which basically boils down to “choose strong passwords”. This article only covers attacks on 8-character passwords with a limited character set)
• Crypto analysis of PPTP and MPPE (v.2)
• Crypto analysis of PPTP and MPPE (v.1, obsolete)

None listed.

• IPSec
• L2TP
• MPPE
• MS-CHAPv2