Microsoft’s implementation of the Point-to-Point Tunneling Protocol (PPTP) does not work as advertised, and virtual private networks built on it are bound to be insecure. But consultants are divided over how serious the system’s shortcomings are.

Cryptographer and CEO of Counterpane Systems, Bruce Schneier, says he discovered at least five potentially disastrous flaws in NT’s version of PPTP. For a start, this PPTP does not adequately encrypt passwords transmitted over a network. One way this is commonly done is to add a number between 0 and, say, 60,000 to the password before encrypting it. Microsoft adds a number between 0 and 255, making it much easier for a hacker to recover someone else’s password. Another problem is that the US version of Microsoft’s PPTP uses the same keystream for incoming and outgoing messages, meaning a hacker can use the two messages to cancel the encryption out. Yet another is a too-trusting control channel, which a hacker could intercept and use to control the machines at either end of the connection. Any one of these problems could make a VPN built on Microsoft’s PPTP totally insecure and open to all comers.

In an FAQ published on his site at www.counterpane.com, Schneier elaborates: “The encryption is used in a way that completely negates its effectiveness. The documentation claims 128-bit keys, even though nothing remotely close to that key length is actually used. Passwords are protected by hash functions so badly that most can be easily recovered. And the control channel is so sloppily designed that anyone can cause a Microsoft PPTP server to go belly up.”

“Microsoft really doesn’t care about security,” Schneier told ComputerWire. “They design stuff internally with no peer review. What people don’t understand is that secrecy is not the same as security. This system was secure until someone looked at it. PPTP security doesn’t do anything it’s advertised to do. If you don’t care about security, you can use it to run your VPN; otherwise, don’t,” he said.

“Bruce is just reporting what we’ve been saying for months now,” says Russ Cooper, a security consultant who runs the mailing list and web site NTBugtraq. Cooper adds that Microsoft released a fix that addresses many of the points that have been raised. “I do not feel it is as strong as IPSec,” he concedes. “But if PPTP has the market space of small organizations without company-critical data to transfer, it might be a cost-effective solution. You won’t get NSA security, but it’s better than no security at all.”

Others take a darker view. “Given what I’ve read about the problems in PPTP, I don’t think anyone should use it for a VPN solution,” says University of Auckland computer scientist and crypto expert Peter Gutmann. “Anyone can monitor data on the network, inject their own data into the link and basically tell both sides what to do,” he added.

Microsoft’s NT product manager Kevin Kean did not return our calls.
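Two of the flaws the article describes, the shared keystream for both directions of the link and the 256-value salt on password hashes, can be modelled with a toy stream cipher and a toy password hash. The following is an added example, not code from the article, from Counterpane or from Microsoft; the cipher (SHA-256 in counter mode), the keys, the sample traffic and the wordlist are all constructed here as stand-ins for MPPE and MS-CHAP, and a real assessment would be run against the actual protocol rather than this model.

```python
"""
Added example (not from the article): two of the properties the article
describes, modelled with a constructed stream cipher and password hash.
"""
import hashlib

# ---------------------------------------------------------------------------
# Flaw 1: the same keystream used for both directions of a link.
# ---------------------------------------------------------------------------

def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream generator: SHA-256 in counter mode (a constructed
    stand-in for a real stream cipher; the real protocol's cipher differs)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


# Constructed sample traffic for the two directions of a tunnel (equal length).
P_CLIENT = b"client->server: login alice"
P_SERVER = b"server->client: welcome  ok"


def ciphertext_xor_equals_plaintext_xor(key_out: bytes, key_in: bytes) -> bool:
    """True when XORing the two ciphertexts removes the encryption entirely,
    i.e. C_out XOR C_in == P_out XOR P_in. That holds exactly when both
    directions were encrypted with the same keystream, which is the article's
    "cancel the encryption out" case; what remains depends only on plaintext."""
    c_out = encrypt(key_out, P_CLIENT)
    c_in = encrypt(key_in, P_SERVER)
    return xor_bytes(c_out, c_in) == xor_bytes(P_CLIENT, P_SERVER)


def shared_keystream_leaks() -> bool:
    # Same session key (hence same keystream) in both directions.
    return ciphertext_xor_equals_plaintext_xor(b"session-key", b"session-key")


def separate_keystreams_leak() -> bool:
    # Mitigation: derive a distinct key per direction so keystreams differ.
    k = b"session-key"
    return ciphertext_xor_equals_plaintext_xor(k + b"|out", k + b"|in")


# ---------------------------------------------------------------------------
# Flaw 2: a salt drawn from only 256 values barely raises precomputation cost.
# ---------------------------------------------------------------------------

def salted_hash(salt: int, password: str) -> str:
    """Toy password hash with the salt prepended as a 2-byte value (constructed)."""
    return hashlib.sha256(salt.to_bytes(2, "big") + password.encode()).hexdigest()


WORDLIST = ["password", "letmein", "welcome1", "qwerty", "ntadmin"]  # constructed


def precompute_table(words, salt_space: int) -> dict:
    """The lookup table that covers every (salt, word) pair for a wordlist.
    Its size, and therefore the one-off cost of building it, grows linearly
    with the salt space: a salt is only useful if that space is large."""
    return {salted_hash(s, w): (s, w) for s in range(salt_space) for w in words}


def table_cost(words, salt_space: int) -> int:
    """Number of hash evaluations needed to build precompute_table()."""
    return len(words) * salt_space


def cost_ratio(words, large_space: int = 60_001, small_space: int = 256) -> int:
    """How many times more work the larger salt range (the article's 0..60,000
    example) forces compared with the 0..255 range the article attributes to
    Microsoft, for the same wordlist."""
    return table_cost(words, large_space) // table_cost(words, small_space)


if __name__ == "__main__":
    print("shared keystream cancels out:", shared_keystream_leaks())
    print("per-direction keys cancel out:", separate_keystreams_leak())
    print("entries for 256 salts:", len(precompute_table(WORDLIST, 256)))
    print("work ratio 60,001 vs 256 salts:", cost_ratio(WORDLIST))
```

The first half shows the property that makes direction-shared keystreams a design error: the defence is to derive independent keys for each direction, after which the two ciphertexts no longer cancel. The second half puts a number on the salt claim: for the same wordlist, a 0..60,000 salt multiplies an attacker's precomputation by about 234 times more than a 0..255 salt does.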