[pptp-server] PPTP Vulnerabilities (Or are they?)

Ray Dzek rdzek at specialized.com
Thu Jul 27 14:57:33 CDT 2000


Please bear with me on this as I am new to the PPTP security 
model, and I am trying to understand a few points.

1)  In all my research to date, the password hash seems to be the 
biggest issue with key-pair generation.  My understanding of this is 
that as long as you force strong passwords, there is plenty of 
randomness generated for a good key-set.

2)  You should force the use of MS-CHAPv2 on the PPTP server to 
take advantage of the stronger NT handshaking procedure.

3)  Key sets are randomly generated for each session.  So, in an 
instance where you are using PPTP to support mobile users for 
"dial-up" access via the internet, even if somebody were to sniff 
enough data to get a key to crack - presumably the session would 
be over long before the key was cracked.  Since the key pair is only 
valid for the duration of the session, a hacker would have to start all 
over again for each "dial-up" session.  This leads me to believe that 
cracking keys is truly only useful when cracking VPNs that are set 
up in a WAN environment when the connection is of long enough 
duration to actually use the cracked key pair for that session.

Thanks in advance for your replies.

Ray




