On Wed, Jan 09, 2002 at 12:01:09PM -0600, Greg Scott wrote: > What I don't understand is, how does the security work? I think the > two tunnel endpoints are supposed to authenticate eachother with the > TCP port 1723 packets, but what do the Linux systems use for a shared > secret? I would use this all over the place if I felt good about its > security. If you want the gory details on the (in)security of it, go to Google and search for "pptp mudge counterpane". The first link you get should be a security audit of PPtP at counterpane.com done by Mudge of L0pht.com fame and Bruce Schneier, author of Applied Cryptography and Secrets and Lies (as well as both having general Internet recognition in security). The paper deals mostly with MS-CHAP2 which is the authentication protocol Microsoft uses in its PPTP stuff. For those who don't like PDFs, the HTML version can be seen (as rendered by Google) at (one line): http://www.google.com/search?q=cache:fKZC3BSAczQC:www.counterpane.com/pptp.pdf+pptp+mudge+counterpane+pdf&hl=en -- Michael T. Babcock CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc) http://www.fibrespeed.net/~mbabcock/
