PPTP has become obsolete

author David Wibergh, about Online Privacy

PPTP has become obsolete

What is PPTP?

PPTP stands for Point-to-Point Tunneling Protocol and was created with the help of Microsoft in the 1990s. It is a continuation of PPP and comes preinstalled on all versions of Windows since Windows 95. It was officially added into the Linux kernel on the 28th of October 2005.

Why is PPTP not secure?

The history of PPTP is filled with flaws that have been detected by security experts. The first incident happened back in 1998, when Bruce Schneier & Mudge published[1] their findings regarding the authentication protocol MS-CHAPv1. The flaws that were found included:

  • Hashing of passwords
  • Vulnerability in the case of man-in-the-middle (MITM) attacks.
  • Encryption – the possibility to decrypt data being sent through the protocol

Following the report made by Bruce Schneier, Microsoft released an update of the authentication protocol, named MS-CHAPv2. However, it didn’t take long before Bruce Schneier & Mudge published[2] an essay detailing the security flaws in the new protocol.

In conclusion, MS-CHAPv2 will only be as secure as the password is in itself. This is problematic since it means that MS-CHAPv2 is vulnerable to, for example, dictionary attacks.

In 2012, it was revealed[3] that a brute-force attack on MS-CHAPv2 has the complexity of just 256, meaning only one single DES key.

How do you intercept PPTP?

Since the complexity is just 256, it is very simple to brute-force the password and gain access to intercept all network traffic in plain text. Using the chapcrack application[4], you can intercept a network for every MS-CHAPv2 ’handshakes’.

When the application finds a ‘handshake’, it can show all kinds of interesting information, such as user name, known plain text, and two known cipher texts, and it can also crack the third DES key.

It will also show you a token that you can use on CloudCracker[5]. CloudCracker will brute-force the password in less than 24 hours, giving you the password, allowing you to continue intercepting the network traffic in plain text using chapcrack.

The traffic that is passing through PPTP can in other words be seen as plain text. This means that VPN providers offering PPTP is offering a service that anyone can decrypt.

So why is PPTP still being used?

There are mainly two reasons why PPTP is still being used.

  1. PPTP has come preinstalled on most operating systems for a long time.
  2. It’s easy to get started. Nothing needs to be installed.

What can you do to increase the security?

The first thing you should do is to avoid PPTP altogether. Even Microsoft[6] has gone as far as to say that you shouldn’t use PPTP. OpenVPN[7] is the most secure alternative as far as VPN tunnels go.

Unfortunately, there is not a whole lot you can do if you’ve already purchased a PPTP subscription by another VPN provider that doesn’t want to change to OpenVPN.

What you can do is ask your provider what kind of authentication protocol they are using for PPTP. EAP-TLS[8] is regarded as the most secure authentication protocol for PPTP to date. If your VPN provider is using EAP-TLS, you can sleep a little bit better at night, but the best alternative remains to be switching to OpenVPN.


[1] https://www.schneier.com/paper-pptp.pdf
[2] https://www.schneier.com/paper-pptpv2.html
[3] https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
[4] https://github.com/moxie0/chapcrack
[5] https://www.cloudcracker.com/
[6] https://technet.microsoft.com/library/security/2743314
[7] https://openvpn.net/index.php/open-source.html
[8] http://technet.microsoft.com/en-us/library/cc739638(WS.10).aspx