Abstract
The Point-to-Point Tunneling Protocol (PPTP) is used to secure PPP connections over TCP/IP link. In response to [SM98], Microsoft released extensions to the PPTP authentication mechanism (MS-CHAP), called MS-CHAPv2. We present an overview of the changes in the authentication and encryption-key generation portions of MS-CHAPv2, and assess the improvements and remaining weaknesses in Microsoft’s PPTP implementation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
S.M. Bellovin and M. Merritt, “Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,” Proceedings of the IEEE Symposium on Research in Security and Privacy, May 1992, pp. 72–84.
S.M. Bellovin and M. Merritt, “Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise,” AT&T Bell Laboratories, 1994.
J. Gilmore, Ed., Cracking DES. The Electronic Frontier Foundation, San Francisco, CA, O’Reilly and Associates, 1998.
K. Hamzeh, G.S. Pall, W. Verthein, J. Taarud, and W.A. Little, “Point-to-Point Tunneling Protocol,” Internet Draft, IETF, Jul 1997. http://www.ietf.org/internet-drafts/draft-ietf-pppext-pptp-10.txt.
M.E. Hellman, “A cryptanalytic time-memory trade-off,” IEEE Transactions on Information Theory, vol.IT-26, no.4, July 1980, p.401–406.
D. Jablon, “Strong Password-Only Authenticated Key Exchange,” ACM Computer Communications Review, Oct 96, pp. 5–26.
D. Jablon, “Extended Password Key Exchange Protocols Immune to Dictionary Attacks,” Proceedings of the Sixth Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, IEEE Computer Society, 1997, pp. 248–255.
L0pht Heavy Industries, Inc., “A L0phtCrack Technical Rant,” Jul 1997. http://www.l0pht.com/l0phtcrack/rant.html.
L0pht Heavy Industries, Inc, L0phtcrack, 1999, http://www.l0pht.com/l0phtcrack/.
Microsoft Corporation, Advanced Windows NT Concepts, New Riders Publishing, 1996. Relevant chapter at http://www.microsoft.com/communications/nrpptp.htm.
Microsoft Corporation, “Point-to-Point Tunneling Protocol (PPTP) Frequently Asked Questions,” Jul 1996.
Microsoft Corporation, “Frequently Asked Questions about Microsoft VPN Security,” Dec 1998, http://www.microsoft.com/NTServer/commserv/deployment/moreinfo/VPNSec_FAQ.asp
Microsoft Corporation, “Microsoft Windows 95 Dial-Up Networking 1.3 Upgrade Release Notes,” 1998, http://support.microsoft.com/support/kb/articles/q154/0/91.asp
Microsoft, Corporation, “Windows 98 Dial-Up Networking Security Upgrade Release Notes,” Feb 1999, http://support.microsoft.com/support/kb/articles/Q189/7/71.asp.
National Institute of Standards and Technology, “Secure Hash Standard,” U.S. Department of Commerce, May 1993.
G.S. Pall and G. Zorn, “Microsoft Point-to-Point Encryption (MPPE) Protocol,” Network Working Group, Internet Draft, IETF, Mar 1998. http://www.ietf.org/internet-drafts/draft-ietf-pppext-mppe-03.txt.
R. Rivest, “The MD4 Message Digest Algorithm,” Advances in Cryptology— CRYPTO’90 Proceedings, Springer-Verlag, 1991, pp. 303–311.
A. Roos, “Weak Keys in RC4,” sci.crypt post, 22 Sep 1995.
W. Simpson, “The Point-to-Point Protocol (PPP),” NetworkWorking Group, STD 51, RFC 1661, Jul 1994. ftp://ftp.isi.edu/in-notes/rfc1661.txt.
B. Schneier, Applied Cryptography, 2nd Edition, John Wiley & Sons, 1996.
B. Schneier and Mudge, “Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol (PPTP),” Proceedings of the 5th ACM Conference on Communications and Computer Security, ACM Press, pp. 132–141. http://www.counterpane.com/pptp.html.
D. Wagner, “Re: Weak Keys in RC4,” sci.crypt post, 25 Sep 1995. http://www.cs.berkeley.edu/daw/my-posts/my-rc4-weak-keys.
T. Wu, “The Secure Remote Password Protocol,” Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, Mar 1998, pp. 97–111.
G. Zorn and S. Cobb, “Microsoft PPP CHAP Extensions,” Network Working Group Internet Draft, Mar 1998. http://www.ietf.org/internet-drafts/draftietf-pppext-mschap-00.txt.
G. Zorn, “Deriving MPPE Keys from MS-CHAP V1 Credentials,” Network Working Group Internet Draft, Sep 1998. http://www.ietf.org/internetdrafts/draft-ietf-pppext-mschapv1-keys-00.txt.
G. Zorn, “Deriving MPPE Keys from MS-CHAP V2 Credentials,” NetworkWorking Group Internet Draft, Nov 1998. http://www.ietf.org/internetdrafts/draft-ietf-pppext-mschapv2-keys-02.txt.
G. Zorn, “Microsoft PPP CHAP Extensions, Version 2,” Network Working Group Internet Draft, Apr 1999. http://www.ietf.org/internet-drafts/draftietf-pppext-mschap-v2-03.txt.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schneier, B., Mudge, Wagner, D. (1999). Cryptanalysis of Microsoft’s PPTP Authentication Extensions (MS-CHAPv2). In: Secure Networking — CQRE [Secure] ’ 99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_17
Download citation
DOI: https://doi.org/10.1007/3-540-46701-7_17
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66800-8
Online ISBN: 978-3-540-46701-4
eBook Packages: Springer Book Archive