Talk:Point-to-Point Tunneling Protocol
Is PPTP insecure by design?
Are long passwords a real protection?
No. Looking at the asleap code, it seems that any password that can be found in a dictionary can be broken; in other words, it appears to be similar in nature to cracking non-shadowed encrypted passwords from /etc/passwd. Pick a password that can't be found in a dictionary (combine letters/numbers/other characters etc.).
Inaccuracies and NPOV
OK, correct me if I'm wrong, but for a start it isn't the PPTP protocol itself that is weak, but the MS-CHAPv2 protocol. Here http://blogs.zdnet.com/Ou/index.php?p=21 it is suggested that EAP-TLS with PPTP is secure.
Also, being an encyclopedia article, I think it's hardly correct to make broad unsubstantiated claims like "PPTP is broken" and it "should not be used." I'm not saying PPTP/MSCHAP is a good system, but if you want to keep NPOV then the article should be written from a neutral, factual point of view, rather than giving an opinion/advice IMHO. E.g. state that "Some people believe PPTP is insecure" and give references, or even "this study shows PPTP is insecure in certain situations" and quote the study.
It should be noted that Schneier's 1998 article is based on the outdated MS-CHAP protocol, not the newer MS-CHAPv2. He has another article on his website analysing the v2 protocol and outlining the insecurities fixed in that version.