PPTP VPN authentication protocol proven very susceptible to attack | ZDNet

This is a six-year-old article I just stumbled across while researching certifications. If you are using pure PPTP with nothing but user passwords for authentication, it’d be well worth taking a few steps to make it more secure.

ASLEAP was created in 2003 by Joshua Wright to prove that a password-based authentication system like Cisco LEAP is not secure because of one glaring weakness: it relies on humans to memorize strong passwords. Eight months later, in mid-2004, after Cisco had a chance to release an updated protocol to LEAP, Joshua released ASLEAP onto SourceForge. PPTP is a Microsoft VPN protocol published as an RFC in 1999 for secure remote access. In recent years, it has grown to be used in many Microsoft-based networks, firewall appliances, and even pure Linux and Open Source environments. Strictly speaking, there never was anything technically wrong with the LEAP or PPTP MSCHAPv2 authentication protocol since they both worked as advertised. Both Cisco and Microsoft warned from the very beginning that strong passwords must be employed when using password-based authentication schemes. Unfortunately, strong passwords or even strong pass phrases are simply incompatible with most Homo sapiens and if you force the issue, they will go out of their way to make it easy by writing passwords down on a sticky note and taping it to their monitor. Since strong passwords are rarely implemented in practice, you have a situation where the product simply isn’t safe enough to protect us from ourselves. As Bruce Schneier likes to say, “any password you can reasonably expect a user to remember can be brute forced or guessed”. ASLEAP just happens to make that point abundantly clear since it had the ability to scan through a 4 GB pre-computed password hash table at a rate of 45 million passwords a second using a common desktop computer. This new version of ASLEAP not only adds PPTP compatibility, but also extends maximum database size to 4 Terabytes and the ability to scan live off the air using a Wireless LAN card and a regular sniffer in Microsoft Windows.
As a result, Wireless LAN hotspots have just become deadly to PPTP authentication, and those who use PPTP to substitute for real Datalink layer Wireless LAN security aren’t spared either and are wide open to password cracking.

via PPTP VPN authentication protocol proven very susceptible to attack | ZDNet.
