How secure PPTP is?

2

I use my own VPS to serve as a PPTP gateway for my personal PC/laptop/android. It uses 128bit encryption, and MS-CHAPv2 for authentication.

The questions are: is it enough to secure my connection against unwanted snooping in public/company/school WiFi? How my password complexity affects the security of the encryption? And finally, is there a way to check if my packets are being encrypted?

I assume the potential attacker is only casually interested in my packets, and not out there to get me. Also, I understand that OpenVPN would be the most secure solution, but it's relatively more complex to set up, and has more configuration point of failures for someone as inexperienced as I am.

Halik

Posted 2012-02-18T11:40:18.073

Reputation: 397

In Aug '12 Microsoft recommended not to use MS-CHAPv2 http://technet.microsoft.com/en-us/security/advisory/2743314

– Dean – 2014-03-03T04:44:53.443

Answers

1

A properly keyed 128-bit encryption PPTP is far beyond the realm of casual snooping. Your password is certainly the weak point of the system.

The best thing you can do for a password is to randomly pick letters and numbers and then memorize it rather than to choose a word and then substitute letters from it (auhwJSNw12 is a much better password than Aw3s0me).

SecurityMatt

Posted 2012-02-18T11:40:18.073

Reputation: 2 857

Asked: 2012-02-18T11:40:18.073

Viewed: 1 109 times

Active: 2012-12-06T11:09:24.920