Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

PPTP is broken: the oldest "secret" in the industry

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

If you wish to attach one or more files enter the details below.

Expand view Topic review: PPTP is broken: the oldest "secret" in the industry

Re: PPTP is broken: the oldest "secret" in the industry

by jlg » Tue Oct 28, 2014 10:39 am

Not really a secret has been known for some time now :-P

Only plebs who throw their money into the hype bandwaggon think PPTP is secure & safe for anonymizing connections.

PPTP is broken: the oldest "secret" in the industry

by cryptostorm_admin » Mon Jan 14, 2013 12:51 pm

Thirteen years ago, two security researchers showed that the proprietary PPTP VPN protocol was broken. Badly broken. It's still broken today.

Despite that, the first consumer-focussed VPN service - Relakks - launched with PPTP as the only VPN protocol available. Why? Simple - because it's simple. PPTP is built into Windows operating systems, because Microsoft was one of the core developers of this proprietary, non-open protocol. So a company offering VPN service doesn't have to make a new "client" application for Windows folks (and PPTP is nowadays baked into most all OS flavours, unfortunately); they can just use the existing interface at the customer OS level. So that saves work, and complexity, and makes it easy to launch a "VPN service" with next to zero technical skills or understanding.

Unfortunately, it also means that trusting customers are counting on a protocol to protect them - PPTP - that is deeply flawed. But that's how the VPN industry evolved.

To this day, many "VPN companies" continue to offer PPTP-based connections, despite the fact that - literally - a kid with an old Playstation console can brute-force the cryptographic primitives with 100% success in a matter of hours. That's because last year, even more bad news for PPTP came out: not only is the protocol broken, but now passwords used to protect it can be systematically cracked open, 100% of the time, in a few hours' time. With off the shelf tools, and not much heavy tech skills either (use of a packet sniffer and a few other such capabilities). As Bruce Schneier summarizes:
Some things never change. Thirteen years ago, Mudge and I published a paper breaking Microsoft's PPTP protocol and the MS-CHAP authentication system. I haven't been paying attention, but I presume it's been fixed and improved over the years. Well, it's been broken again.
He goes on to quote the researchers who operationalized this new attack:
ChapCrack can take captured network traffic that contains a MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.

This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.

The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with WireShark or other similar network sniffing tools.
Schneier is a pretty heavy hitter in the field of security research. He wrote the book, in fact. Literally - he authored Applied Cryptography, and his literary output since then has been both technically robust and widely appreciated beyond the confines of the tech ghetto. Schneier is... Schneier. To security insiders, he's one of the few people in the industry who speaks and we all listen. Always. He's not always right - but he's always well-considered and pragmatic in his analytic approach. These are super rare characteristics in this field. Schneier is a step above.

So when Schneier calls out a protocol - PPTP - as "badly broken" - over the span of more than a decade, that's not background noise. It's core knowledge. PPTP can be categorized, in Schneier's phrase, as "security theater" - it makes people feel like it is making them safer... but in fact it's not, and in giving a false sense of security, it leaves us worse off than nothing at all.

Seriously, PPTP is not a viable security tool. It might be good enough to keep the MPAA off your ass for sharing that Justin Beiber tune, but that's about it. And it might not even do that, if the MPAA goons decide they'll invest a few hours in unzipping all your "encrypted" packets on a whim. Like hiding inside a transparent building, putting your data inside PPTP is at best ignorant and at worst delusional.

PPTP isn't worth it's salt, and hasn't been for many years.

Top