Analysis of Microsoft PPTP Version 2
Counterpane Labs and L0pht Heavy Industries
The full paper can be found at http://www.schneier.com/paper-pptpv2.html. Details are below.
See also: Exploiting known security holes in Microsoft's PPTP Authentication Extensions (MS-CHAPv2) by Jochen Eisinger
Since our analysis, Microsoft released an upgrade to the protocol. This upgrade is available for Windows 95, Windows 98, and Windows NT as DUN 1.3. Microsoft has made the following security upgrades to the protocol.
MPPE uses unique keys in each direction. This is to prevent the trivial cryptanalytic attack of XORing the text stream in each direction to remove the effects of the encryption.
The software is more robust against denial-of-service attacks, and does not leak as much information about its status.
These changes address most of the major security weaknesses of the original protocol. However, the revised protocol is still vulnerable to offline password-guessing attacks from hacker tools such as L0phtcrack. At this point we still do not recommend Microsoft PPTP for applications where security is a factor.
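The reason for the per-direction MPPE keys listed above can be seen in a few lines. This is an added example, not code from the paper or from Microsoft: it encrypts two constructed messages with RC4 (the cipher MPPE uses), first under one shared key and then under two direction-specific keys. The `direction_key` derivation and the sample messages are assumptions made for illustration, not MPPE's actual key schedule.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream XORed into the data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def direction_key(session_key: bytes, label: bytes) -> bytes:
    # Hypothetical derivation for illustration; NOT MPPE's real key schedule.
    return hashlib.sha1(session_key + label).digest()[:16]

# Constructed sample data (not captured traffic).
SESSION_KEY = bytes(range(16))
CLIENT_MSG = b"GET /payroll/report?id=1042 HTTP"
SERVER_MSG = b"HTTP/1.0 200 OK\r\nContent-Type: "

def shared_key_xor() -> bytes:
    # Original design: one key, so both directions use the same keystream.
    c2s = rc4(SESSION_KEY, CLIENT_MSG)
    s2c = rc4(SESSION_KEY, SERVER_MSG)
    return xor(c2s, s2c)      # keystream cancels: plaintext XOR plaintext

def unique_key_xor() -> bytes:
    # Revised design: an independent key, hence keystream, per direction.
    c2s = rc4(direction_key(SESSION_KEY, b"client-to-server"), CLIENT_MSG)
    s2c = rc4(direction_key(SESSION_KEY, b"server-to-client"), SERVER_MSG)
    return xor(c2s, s2c)      # keystreams differ, nothing cancels

if __name__ == "__main__":
    print("shared key leaks P1^P2:", shared_key_xor() == xor(CLIENT_MSG, SERVER_MSG))
    print("unique keys leak P1^P2:", unique_key_xor() == xor(CLIENT_MSG, SERVER_MSG))
```

With a shared key, anyone who can guess the plaintext in one direction (protocol headers are predictable) obtains the other direction by a single XOR; with per-direction keys the XOR of the two ciphertexts reveals nothing.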
Press Coverage of PPTP Version 2 Crack: SmartReseller
Press Coverage of PPTP Version 1 Crack: EE Times