Skip to content

Remove all mentions of PPTP #4

Closed
yuvadm opened this Issue Oct 8, 2012 · 5 comments

4 participants

@yuvadm
CryptoParty member
yuvadm commented Oct 8, 2012

Per https://twitter.com/marshray/status/255277780495917056 remove all mentions of PPTP as it as an unsecure protocol.

@samthetechie
CryptoParty member

IMHO removing ALL references may be an error. Maybe leave a notice saying that it is an unsecure protocol?

@JasperWallace

Presumably this cos of the MS-CHAPv2 single DES break?

If so then it may be worth while mentioning that PEAP-MSCHAPv2 has the same problem with securing wireless networks, tho admittadly thats slightly drifting off topic from what i understand the point of the book to be.

@samthetechie
CryptoParty member
@JasperWallace

Just to explain a bit more about this issue, this is the relevant blog post:

https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

@ioerror
ioerror commented Oct 9, 2012

Please remove PPTP other than a warning of why not to use it and how to evaluate a VPN provider that offers it. If such a provider offers say, OpenVPN, IPSEC with certs and PPTP, the other solutions may be fine but that they offer it is probably a bad sign.

@yuvadm yuvadm was assigned Oct 9, 2012
@pettter pettter added a commit to pettter/handbook that referenced this issue Oct 15, 2012
@pettter pettter Clarify mentions of PPTP to discourage its use (solves issue #4) 5ffe8fa
@yuvadm yuvadm closed this Oct 15, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.