Home / server / Questions / 222357
Accepted
larry
Asked: 2011-01-14 23:58:50 +0800 CST

Protocol Security With PPTP

  • 772

I find these words in pptp client source :

Summary

                                                     by Peter Mueller

PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. The maintainers of PPTP Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead.

(Posted on [1]2005-08-10 to the [2]mailing list)

But as far as i know, there are many people use PPTP as a VPN, because there is no need to install client on windows, what do you think about pptp ?

vpn pptp

1 Answers

  1. Best Answer

    as far as i know, the problems were mainly due to insecure password algorithms being used. as long as you stay away from weak passwords and older algorithms you should be fine.

    as Bruce Schneier put it in his Analysis:

    Microsoft has improved PPTP to correct the major security weaknesses de- scribed in [SM98]. However, the fundamental weakness of the authentication and encryption protocol is that it is only as secure as the password chosen by the user.

    ...

    it seems imprudent for Microsoft to continue to rely on the security of passwords. Our hope is that PPTP continues to see a decline in use as IPSec becomes more prevalent.

    • 3