On Tue, 04.05.2004 at 14:43, Gary Stainburn wrote:
>
> However, if you search the net, you will find MANY documents telling you why
> you should not do this. PPTP is a VERY insecure method.
>

Hey, I never told anybody to use PPTP. In fact, I usually tell people to use
OpenVPN or IPSec.

> (Sorry but I can't cite anything specific here as it's a while since I
> investigated this stuff - I decided on the more restrictive but more secure
> port forwarding over SSH. (Other methods are available. No guarantee is
> provided either implied..........you know what I mean)).

short: http://www.schneier.com/pptp.html
long: http://www.schneier.com/paper-pptpv2.html

Quote:
"7 Conclusions
Microsoft has improved PPTP to correct the major security weaknesses
described in [SM98]. However, the fundamental weakness of the
authentication and encryption protocol is that it is only as secure as
the password chosen by the user."

Ok, it all depends on the password (and not on keys or certs).

Now take a look at:
http://mopo.informatik.uni-freiburg.de/pptp_mschapv2/pptp_mschapv2.html

Quote:
"Conclusions
While testing this software, we used a dictionary of about three
gigabytes containing about 74 million words. Equipped with this, we were
able to derive all passwords used in our test network in about four
hours. It is true that dictionary attacks tend to fail on good
passwords, but it is enough to have one password to break into a system.
The step to gaining root access (or doing any other kind of abuse) from
there is small."

So I fully agree with you, Gary: Everybody, please do not use pptp. It
might be sufficient for a dialup with your laptop, but I would not dare
use it for a production system.

Christoph