Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)
Posted by jpluimers on 2013/06/24
A while ago, I had to connect to secure data over PPTP.
It reminded me of this post from about a year ago: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate (now archived at the Wayback Machine).
Their main point:
MS-CHAPv2 can be cracked within less than a day (and that time will only get less).
Their short conclusion “basically PPTP is dead, and IPSEC-PSK is worse” leads to the recommendation:
This leaves either an OpenVPN configuration, or IPSEC in certificate rather than PSK mode.
- All users and providers of PPTP VPN solutions should immediately start migrating to a different VPN protocol. PPTP traffic should be considered unencrypted.
- Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else.
In many cases, larger enterprises have opted to use IPSEC-PSK over PPTP. While PPTP is now clearly broken, IPSEC-PSK is arguably worse than PPTP ever was for a dictionary-based attack vector. PPTP at least requires an attacker to obtain an active network capture in order to employ an offline dictionary attack, while IPSEC-PSK VPNs in aggressive mode will actually hand out hashes to any connecting attacker.
In terms of currently available solutions, deploying something securely requires some type of certificate validation. This leaves either an OpenVPN configuration, or IPSEC in certificate rather than PSK mode.
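The quoted recommendation boils down to a configuration check: any IPsec connection that authenticates with a pre-shared key in IKEv1 aggressive mode is in the "hands out hashes to any connecting attacker" category, and anything still on PSK should move to certificate (pubkey) mode. The audit below, added here as an example and not code from this post or from CloudCracker, walks an ipsec.conf-style file and flags those two patterns. It assumes the strongSwan/Libreswan key names (authby, leftauth/rightauth, keyexchange, aggressive) and the inheritance from conn %default; the sample configuration is constructed, with one weak PSK connection next to its certificate-based replacement.

```python
"""Audit an ipsec.conf-style configuration for IKEv1 aggressive mode with
pre-shared keys (the weakness described in the quoted post) and for PSK
authentication in general (which the post recommends replacing with
certificate mode).

Example code, not from the original post. Key names are assumed to follow
the strongSwan/Libreswan ipsec.conf conventions; the parser is minimal.
"""
import re

# Constructed sample: a PSK connection in aggressive mode (weak) beside a
# certificate-authenticated IKEv2 connection (the recommended replacement).
SAMPLE_CONF = """\
config setup
    charondebug="ike 1"

conn %default
    keyexchange=ikev1

conn road-warriors-psk
    authby=secret
    aggressive=yes
    left=%defaultroute
    right=%any

conn road-warriors-cert
    keyexchange=ikev2
    leftauth=pubkey
    rightauth=pubkey
    leftcert=gatewayCert.pem
    left=%defaultroute
    right=%any
"""


def parse_ipsec_conf(text):
    """Return {section: {key: value}} for config/conn/ca sections.

    A `key=value` line belongs to the most recently opened section.
    Comments (#) and blank lines are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(config|conn|ca)\s+(\S+)$", line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip()] = value.strip().strip('"')
    return sections


def effective(conn, defaults, key, fallback=""):
    """Look a key up in the conn section, then in `conn %default`."""
    return conn.get(key, defaults.get(key, fallback)).lower()


def uses_psk(conn, defaults):
    """True if either peer authenticates with a pre-shared key."""
    if effective(conn, defaults, "authby") in ("secret", "psk"):
        return True
    return any(effective(conn, defaults, side) == "psk"
               for side in ("leftauth", "rightauth"))


def audit_conns(text):
    """Return (conn_name, finding) tuples for the weak patterns."""
    sections = parse_ipsec_conf(text)
    defaults = sections.get("conn %default", {})
    findings = []
    for name, conn in sections.items():
        if not name.startswith("conn ") or name == "conn %default":
            continue
        short = name[len("conn "):]
        # keyexchange=ike may still negotiate IKEv1, so treat it as IKEv1.
        ikev1 = effective(conn, defaults, "keyexchange", "ike") in ("ike", "ikev1")
        aggressive = effective(conn, defaults, "aggressive", "no") == "yes"
        psk = uses_psk(conn, defaults)
        if psk and ikev1 and aggressive:
            findings.append((short, "IKEv1 aggressive mode with PSK: "
                                    "hands out crackable hashes to any peer"))
        elif psk:
            findings.append((short, "PSK authentication: move to "
                                    "certificate (pubkey) mode"))
    return findings


if __name__ == "__main__":
    for conn_name, finding in audit_conns(SAMPLE_CONF):
        print(f"{conn_name}: {finding}")
```

Run against the constructed sample, only road-warriors-psk is reported; the certificate-based connection passes. Extending the check to PPTP is a matter of looking for the service itself (pptpd, or MS-CHAPv2 in a RADIUS/EAP configuration), since the post's position is that PPTP traffic should be treated as unencrypted regardless of settings.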