Sidebar: MS-PPTP Security

• Several security problems with MS-PPTP

  • Keys are not 128 bits in length, as advertised
  • Uses RAS "shared secret" encryption
    • Shared secret is the password hash, which is very weak
  • Poorly designed control channel leaves server open to attack
  • Encryption can be disabled via the "You Are Now in France" attack

Previous slide

Next slide

Back to first slide

View graphic version