General security

The PPTP VPN protocol: Is it safe?

September 11, 2019 by Olivia Scott


It’s not an exaggeration to say that tunneling protocols make the difference between hassle-free, secure B2B commerce and absolute chaos. These essential tools create secure “tunnels” that contain encrypted data as it passes across Virtual Private Networks (VPNs).

In theory, they wrap up confidential information, keeping it safe from prying eyes. But that’s not always the case, and some common protocols have proved to be insufficient to ensure adequate protection.

Let’s look at one of those obsolete protocols: PPTP. The Point-to-Point Tunneling Protocol isn’t widely seen as a viable option by security experts these days, and with good reason. However, because it comes built into many Windows versions, it’s still regularly used by businesses on their internal and client-facing networks.

Don’t be like those businesses. Instead, there are plenty of reasons to look far beyond PPTP and choose a genuinely secure protocol that protects you and your clients’ data. Let’s find out what these reasons are.

PPTP: Some quick background

PPTP was created in the 1990s by engineers from Microsoft, Ascend and a group of mobile telecommunications providers such as Nokia. With high-speed internet expanding and e-commerce becoming mainstream, Microsoft wanted to provide Windows users with a basic tool for encrypting their data, and that’s pretty much what the team created.

Just like its predecessor PPP, PPTP works by creating data packets which form the basis of the actual tunnel. It couples this packet creation process with authentication systems to ensure that legitimate traffic is transmitted across networks. And it uses a form of encryption to scramble the data held by the packets.

PPTP acquired an official RFC specification (RFC 2637) in 1999, and it’s worth referring back to that for technical details. But to put things simply, it operates at Data Layer 2, and employs General Routing Encapsulation (GRE) as its packet creation system. Packets use IP port 47 and TCP port 1723, and the encryption standard used is Microsoft’s own MPPE.

Microsoft designed the protocol to function in everyday Windows environments, with a low footprint and high speeds. As a result, PPTP is surprisingly simple to set up on internal VPNs, and it gained a huge following among small and medium-sized enterprises in the 2000s. Some of them still rely on PPTP, but that’s not a smart move. Here’s why.

What security flaws have been identified with PPTP?

Almost from the very start of its life, PPTP has been bugged by allegations that it simply isn’t secure, and one man is primarily responsible for this reputation. In 1998, security analyst Bruce Schneier published an important paper on PPTP, and it made grisly reading for users. Or at least it should have.

According to Schneier, the protocol’s weakest point was its Challenge/Response Authentication Protocol (CHAP), closely followed by its RC4-based MPPE encryption.

Working with Mudge of hacker collective L0pht Heavy Industries, Schneier found that the hashing algorithms used in PPTP implementations were shockingly easy to crack. This could facilitate a range of eavesdropping attacks, with intruders tracking every user as they navigated corporate networks.

Problems with CHAP went deeper. As Schneier found, most implementations of PPTP gave attackers the power to pose as official servers, becoming a node for sensitive information.

Thirdly, the analysts found that the quality of PPTP’s MPPE encryption was very low, with keys that could be broken fairly easily, and a variety of ways for network managers to improperly configure systems — leading to even worse vulnerabilities.

These issues didn’t go unanswered. In fact, Microsoft updated PPTP (PPTP Version 2), which is the most common version used with Windows packages released since 2000. Again, Schneier took a look at the update, and found a few serious weaknesses.

While CHAP related problems had been addressed, Schneier judged that passwords remained a core vulnerability, leaving users at risk from password-guessing attacks. According to the analysts, this meant that the protocol was fundamentally as secure as the passwords chosen by users. In other words, its security was based on praying to avoid human error, not using the latest encryption standards.

As a result, this meant that Schneier couldn’t “recommend Microsoft PPTP for applications where security is a factor.”

Do these issues make PPTP a no-go for enterprise security?

Since the introduction of the PPTP update, these security flaws have only become more alarming. Microsoft hasn’t chosen to invest in further updates, and the world of cybercrime has moved on quickly, with off-the-shelf password hacking and eavesdropping tools that people in 1998 could only dream about.

For instance, studies have found that brute-forcing PPTP encryption has become almost trivially simple. At Defcon 2012, hacking group CloudCracker showed that MS-CHAPv2 (the updated CHAP for PPTP) could easily be gamed. There is no need to employ an array of powerful computers, and the process doesn’t take long. Sure, it requires technical knowledge, but that’s not in short supply among cybercriminals.

But what does this mean for small businesses who are using PPTP in their security environments?

In some circumstances, there may be ways to enhance the security of existing PPTP implementations. For instance, you could switch from MS-CHAP to EAP-TLS (Extensible Authentication Protocol). This uses Public Key Infrastructure (PKI) to authenticate data via a certificate-based system.

PKI isn’t for everyone. Making the switch may entail taking a performance hit, and PKI is too cumbersome for some remote working situations. Moreover, why take the risk? Instead, as Schneier and CloudCracker recommend, it makes sense to look at other tunneling protocols to base your VPN around. And it means that you may have to sacrifice ease of use for security.

Finding the right alternative to PPTP

Thankfully, the insecurity of PPTP has stimulated the development of protocols that offer much better protection against external threats. You may well have come across some of these tools when using consumer-based VPNs, but they are just as applicable to business environments.

OpenVPN is a popular choice. Offering 256-bit SSL encryption (compared to PPTP’s 128-bit encryption), OpenVPN is almost impossible to crack, as far as we know. However, it doesn’t fit seamlessly into Windows, Linux or macOS systems and will require some configuration. It often helps to bring in specialists to do this properly, as mistakes can compromise the whole venture from the start.

Aside from OpenVPN, some businesses use a mixture of IPSec and L2TP. Another Microsoft creation, this combination is much easier to implement off-the-shelf, and current PPTP users should find it fairly familiar. It’s not quite as secure as OpenVPN, but much safer than PPTP and it’s pretty quick as well.

Finally, companies that rely on remote working and mobile devices may want to check out IKEv2. It’s not the most common protocol, but IKEv2 is extremely flexible, automatically reconnecting if encryption is interrupted. Based on IPSec, it’s pretty secure and very fast when used with Android and iOS devices.

All of this means that there are viable alternatives for those who rely on PPTP. Given the vital need to safeguard customer data and the ever-present danger of cyberattacks, there’s no excuse to use obsolete technology, and plenty of upsides for businesses who take a proactive security approach.



  1. What is PPTP: all you need to know about it, VPN Pro
  2. Point-to-Point Tunneling Protocol (PPTP),
  3. Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol (PPTP), Schneier on Security
  4. Analysis of Microsoft PPTP Version 2, Schneier on Security
Posted: September 11, 2019
Articles Author
Olivia Scott
View Profile

Olivia Scott is a cybersecurity enthusiast at Her key competencies include data safety, privacy tools testing, and WordPress vulnerabilities.

Notice: Undefined index: visitor_id12882 in /www/resourcesinfosecinstitute_601/public/wp-content/plugins/infosec-user-info/infosec-user-info.php on line 117