Talk:Point-to-Point Tunneling Protocol

Computing: Networking Unassessed

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing ??? This article has not yet received a rating on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the project's importance scale. This article is supported by Networking task force (assessed as Mid-importance).

This template must be substituted. Replace {{Requested move ...}} with {{subst:Requested move ...}}.

reason=naming conventions: article title of a proper noun should be capitalized. This is an official legal name.^[1]

• e.g. Layer 2 Tunneling Protocol— Preceding unsigned comment added by Anon lynx (talk • contribs)

• Unsure. Is this really a proper noun within the meaning of WP:NC? The status as an official or legal name is not the primary question, the question rather is whether it is normally used as a proper noun. Andrewa (talk) 12:36, 27 October 2008 (UTC)[reply]

I just want t see what everyone else thinks on this link at the bottom of the article which links to a piece of software allowing users to break into a PPTP connection. The site supplying the software claims that it's meant for showing the risks of using PPTP, but in the wrong hands it could potentially be used for maliciously against a network. Personally I don't like the idea of giving this software publicity to like this.

Are long passwords a real protection?

No. Looking at the asleap code it seems that any password that can be found in a dictionary can be broken, in other words it appears to be similar in nature to cracking non-shadowed encrypted passwords from /etc/passwd. Pick a password that can't be found in a dictionary (combine letters/numbers/other characters etc.)

OK, correct me if I'm wrong, but for a start it isn't the PPTP protocol itself that is weak, but the MS-CHAPv2 protocol. Here http://blogs.zdnet.com/Ou/index.php?p=21 it is suggested that EAP-TLS with PPTP is secure.

Also, being an encyclopedia article, I think it's hardly correct to make broad unsubstantiated claims like "PPTP is broken" and it "should not be used." I'm not saying PPTP/MSCHAP is a good system, but if you want to keep NPOV then the article should be written from a neutral, factual point of view, rather than giving an opinion/advice IMHO. E.g. state that "Some people believe PPTP is insecure" and give references, or even "this study shows PPTP is insecure in certain situations" and quote the study.

It should be noted that Schneier's 1998 article is based on the outdated MS-CHAP protocol, not the newer MS-CHAPv2. He has another article on his website analysing the v2 protocol and outlining the insecurities fixed in that version.

I agree that this section is badly POV, so I have moved it to the discussion area for more work. I checked on a local network security expert, and he agreed with my assessment.

PPTP Vulnerabilities

The security of PPTP has been entirely broken and PPTP installations should be retired or upgraded to another VPN technology. The ASLEAP utility can quickly recover passwords from PPTP sessions and decrypt PPTP VPN traffic. PPTP attacks cannot be detected by the client or by the server because the exploit is passive.

The failure of PPTP as a VPN protocol is caused by cryptographic design errors in the Cisco LEAP and Microsoft MSCHAP-v2 handshake protocols, and by key length limitations in MPPE. Both LEAP and MSCHAP-v2 derive session keys from user passwords, which are cryptographically weak.

Novasource 03:07, 21 January 2006 (UTC)[reply]

Any progress on implementing this section? I'm looking forward to it! --Damsleth 08:22, 29 June 2006 (UTC)[reply]

A quote was removed by "The Tao of Mac" because a self-proclaimed computer expert (lacks appropriate security credentials) commented on PPTP in a very short 2 sentence article. Check your sources people. The previously mentioned zdnet is more objectional because they are a)in the field of security b)probably have a better understanding of it and c)contacted Microsoft about PPTP and have responded to their suggestions appropriately. The ZDnet article should be linked in the Wikipedia article. —Preceding unsigned comment added by Moosebutter (talk • contribs) 00:06, 29 April 2008 (UTC)[reply]

I am not sure that I understand the following, but it sounds like a bit of useless historical cruft:

Full MPPE support was added to the Linux 2.6.13 branch that is maintained by Andrew Morton. SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client. Official support for PPTP was added to the official kernel release in version 2.6.14 on October 28, 2005.

Perhaps a more simple up to date phrasing would sound like this:

Full MPPE support was added to the Linux version 2.6.14 on October 28. SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client. —Preceding unsigned comment added by 144.226.173.68 (talk) 19:08, 2 October 2008 (UTC)[reply]