[pptp-server] PPTP Protocol insecurity
Pete Starzewski
pstarzew at gbp.com
Tue Jul 24 08:06:07 CDT 2001
Dear fellows, ;-)

I know that this discussion might really have been held a thousand times,
but since I read an article regarding the possible
MSCHAPv2 exploit today, I'd like to ask you people
for your opinion.

The paper I read is:
http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/
It is in English, so go ahead.

It describes how relatively easily MSCHAPv2 might be
exploited. So the question that I have for you is:
Do you worry about it? What do you tell your customers,
and are there good (or any) alternatives? OK, we could
put some firewall rules in front of it, but that's
not a solution for most of the dialup users.
We could use PPTP on top of IPSEC (like FreeS/WAN), but
that's not really "smooth", and I never tried this
with a Mac. The reason we don't want to use
IPSEC thingies is the easy-to-use PPTP
features (like assigning IP addresses, DNS and whatever).

Anyone?

Regards,
Sascha

Sascha,

Yes. It is a risk, but not necessarily because it is MS. Any kind of
password authentication has the same set of risks. That is one of the
reasons that IPSEC does not use user/password combinations to authenticate
peers.

I don't think anyone here is saying that PoPToP has a superior
authentication/security scheme. I think the most common reasons to use
PoPToP are that it is: A) cheap; B) the client is built into MS products,
which eliminates the need to install client software on all the peers; C)
designed more specifically for client-to-network connections.

Just about all of the IPSEC dists. I've seen are specifically for network-
to-network, i.e. FreeS/WAN, Cisco, Intel et al. Yes, they do have clients you
can load on PCs, but from what I have seen they are cumbersome and leave
something to be desired in the performance area.

The paper you linked to was interesting for some of the assumptions it
makes. As far as I can tell, PoPToP is NOT restricted to 8 characters for
a password (and contrary to the author's assumptions, most UNIX isn't and
hasn't been for quite a while). I'm not sure what the limitation on
Windows is. If they are using the C2 standards, it should be 250.

It looks like the author's equations are exponential; therefore, if you
doubled the password length from 8 chars to 16 chars, you would go from 16
hours of computing time to 256 hours. This assumes they are correct in the
first place.

All in all, any security is only as good as the people that administer
it. Enforce password restrictions, monitor your servers and use a good
firewall.

I'll get off my soap box now.

Pete