MSCHAPv1 was broken 15 years ago, as you noted in your question. And it's not a matter of choosing someone's implementation over another its most serious flaws are in the protocol design and cannot be fixed. At this point nobody who cares in the least about the communications they intend to protect should be using it. (Reposted from /questions, following a user recommendation.) Or, for a home-grown VPN, do I need to I upgrade my hardware and firmware to use OpenVPN? Does it have the same vulnerabilities as PPTP/MS-CHAP did in 1997? Is this implementation of the protocol any better than it was 16yrs ago? So, the question is: Does anyone know the details of the DD-WRT implementation of PPTP? I see that PPTP Server in "v24-sp2 mini" uses "MPPE Encryption" and stores "CHAP Secrets". And there are utilities available to sniff for MS-CHAP authentication sessions and automatically extract passwords from them (L0phtCrack v2.0, released 1997). The MS implementation of PPTP (with MS-CHAP authentication) was publicly demonstrated to be cryptographically broken in 1998 (see ). This implementation was also used in many 3rd party applications designed to work with WinNT and its successors. The most popular (most widely deployed) implementation of PPTP came from Microsoft, in WinNT. PPTP is not an open, ratified standard the way that, for example, SSL/TLS is.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |