Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)

B. Schneier and Mudge

Proceedings of the 5th ACM Conference on Communications and Computer Security, ACM Press, November 1998, to appear.

ABSTRACT: The point-to-point tunneling protocol is used to secure PPTP connections over TCP/IP links. In this paper we analyze Microsoft's Windows NT implementation of PPTP. We show how to break both the challenge/response authentication protocol (Microsoft CHAP) and the RC4 encryption protocol (MPPE), as well as how to attack the control channel in Microsoft's implementation. These attacks do not necessarily break PPTP, but only Microsoft's implementation of the protocol.

[full text - PDF (Acrobat)] [full text - postscript)] [Russian translation - HTML]

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..