PPTP VPN using MS-CHAP V2 is insecure

According to security researchers, MS-CHAP V2 became very easy to crack, so you might want to reconsider using PPTP VPN accounts which utilize MS-CHAP V2 to authenticate users because it is insecure. I guess there is no need to remind you that most VPN service providers are using MS-CHAP v2 to authenticate PPTP VPN connections.
Using a cloud cracking service it is now possible to crack MS-CHAP  v2 in a matter of hours for $20.

More on this via boingboing, cloudcraker, schneier.com

Below is the video presentation at Defcon on how insecure is PPTP MS-CHAP V2

5 thoughts on “PPTP VPN using MS-CHAP V2 is insecure”

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.