PPTP and MS-CHAP

Posted on 2012-09-03 by jcs

Just in case there’s anyone left out there who’s still using PPTP as a VPN solution, H-Online has an article warning about serious security problems with PPTP when used with MS-CHAP. Even Microsoft is warning users about the issue. It’s really scandalous that this software is still being used. PPTP and MS-CHAP (even MS-CHAPv2) have long been known to be vulnerable to reasonably easy attacks. MS-CHAP is particularly vulnerable because it uses DES, which has a key size of only 56 bits—much too small by modern standards—that renders it susceptible to brute force attacks. Now CloudCracker offers to crack any PPTP/MS-CHAP connection within 24 hours for $200. It does this by using a specially built server with 48 FPGAs to brute force the entire 256 element keyspace.

If you’re still using PPTP, stop it. Immediately.

This entry was posted in General and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>