Android, Linux VPN
Michael Hipp
Michael at hipp.com
Sun Jun 5 10:21:24 PDT 2011
On 6/3/2011 1:28 PM, James McDonald wrote:
> I Googled about PPTP to try and figure out why they say its insecure and
> while many people parrot that its insecure. There was very little as to
> exactly why its so bad.
>
> If you or anyone has such a resource I would be interested.
Sorry, took me a while to find the original article I had read. Here's
where I started from (note this is talking about Linux):
"It should be noted that PPTP has some security flaws and is considered
deprecated."
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration
Which leads to...
http://pptpclient.sourceforge.net/protocol-security.phtml
Most of the stuff that comes up when you google "pptp insecure" relates
to the 1990s version delivered by MS. The MS-CHAP stuff of that era is
known to be very insecure. But some sources seem to suggest that even
from MS anything as new as W2k is fine.
So the information above from dd-wrt.com is puzzling as that's a Linux
source. Seems odd that Android, iOS, and Mac OSX would include something
so insecure.
Wikipedia talks about it somewhat, but doesn't seem to clear up the matter.
http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security_of_the_PPTP_protocol
(lots of links there to the original work by Bruce Schneier)
If someone could sort this all out and tell me the answer I'd be grateful.
Michael
More information about the Linux-users
mailing list