Just in case there’s anyone left out there who’s still using PPTP as a VPN solution, H-Online has an article warning about serious security problems with PPTP when used with MS-CHAP. Even Microsoft is warning users about the issue. It’s really scandalous that this software is still being used. PPTP and MS-CHAP (even MS-CHAPv2) have long been known to be vulnerable to reasonably easy attacks. MS-CHAP is particularly vulnerable because it uses DES, which has a key size of only 56 bits—much too small by modern standards—that renders it susceptible to brute force attacks. Now CloudCracker offers to crack any PPTP/MS-CHAP connection within 24 hours for $200. It does this by using a specially built server with 48 FPGAs to brute force the entire 256 element keyspace.
If you’re still using PPTP, stop it. Immediately.