According to security researchers, MS-CHAP V2 became very easy to crack, so you might want to reconsider using PPTP VPN accounts which utilize MS-CHAP V2 to authenticate users because it is insecure. I guess there is no need to remind you that most VPN service providers are using MS-CHAP v2 to authenticate PPTP VPN connections.
Using a cloud cracking service it is now possible to crack MS-CHAP v2 in a matter of hours for $20.
More on this via boingboing, cloudcraker, schneier.com
Below is the video presentation at Defcon on how insecure is PPTP MS-CHAP V2
5 thoughts on “PPTP VPN using MS-CHAP V2 is insecure”