What is the deal with Microsofts implementation of PPTP?
Microsoft uses an implementation of PPTP in its Windows 95/98/NT products for the creation of Virtual Private Networks (VPNs). This is supposed to allow an encrypted and security tunnel to be established between two computer systems. In June of 1998, Bruce Schneier of Counterpane Systems and Dr. Mudge of the L0pht published a paper entitled “Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol”. The paper did not find flaws with PPTP, only Microsoft’s implementation of it. Another paper was published in Phrack 53 by Aleph1 entitled “The Crumbling Tunnel” in July of 1998. Together, along with some sample code (available from the L0phtcrack download page), a number of significant flaws were brought to light. Microsoft did release some patches in August, and addressed most of the concerns. You can read about this in Qxxxxxxxx. Rather than rehash what has already been covered in these papers, we’ll just cover the remaining issues Microsoft has failed to address. Microsoft uses Mi
