[pptp-server] poptop encryption and security issues
Matthew Ramsay
matthewr at moreton.com.au
Tue Jun 22 20:12:29 CDT 1999

Hiya all,

Yesterday, with the help of others, I successfully connected a win98
PPTP client to my PoPToP server with 40 bit RC4 Microsoft data
encryption :-) This was with a pppd patch which supports
MSCHAP/MSCHAPv2/40 bit MPPE/128 bit MPPE.

Now to address some security issues:

First of all PoPToP relies on authentication and encryption FROM PPP!!!
none of this comes from poptop itself.

This addresses Bruce Schneier's page:
(http://www.counterpane.com/pptp-pressrel.html)

So what are the problems? from the press release page:

1. password hashing -- weak algorithms allow eavesdroppers to learn the user's password
2. Challenge/Reply Authentication Protocol -- a design flaw allows an attacker to masquerade as the server
3. encryption -- implementation mistakes allow encrypted data to be recovered
4. encryption key -- common passwords yield breakable keys, even for 128-bit encryption
5. control channel -- unauthenticated messages let attackers crash PPTP servers

1&2 are authentication issues.. MSCHAP is hopeless.. Windows clients
support PAP/CHAP/MSCHAP and in the latest releases MSCHAPv2. MSCHAPv2
supposedly *fixes* a lot of MSCHAP problems (i haven't heard much about
it yet tho..?). The pppd patch i mentioned above supports MSCHAPv2. If
you want MS Windows clients without extra 3rd party *EXPENSIVE* VPN
clients this is as good as you get.... could MSCHAPv2 possibly be secure
though....? Anyone know much about MSCHAPv2's strengths (or weaknesses
:-).

3&4 address encryption issues. the pppd patch above supports 40 and 128
bit microsoft compatible encryption. I'm unsure on what implementation
mistakes MS made?? anyone? the pppd patch follows the MPPE IETFs as far
as i am aware... which are open for public scrutiny. Does the pppd patch
suffer from the same problems.. dun know..

5 is a shocker and an obvious problem and exists in the current poptop
implementation.. bad luck for now. IMO this is the only real problem
with poptop.

poptop is better than the NT pptp server.. but it does suffer from some
of the same problems. It's good enough for me though.. i started poptop
to do what it does right now! (i fear it wouldn't have got this far
without Kevin and David though :-) I doubt we will be able to improve
poptop without breaking windows client support.

Comments on MSCHAPv2 and MPPE encryption sought after.

cheers,
-matt