Closed yuvadm closed 12 years ago
IMHO removing ALL references may be an error. Maybe leave a notice saying that it is an unsecure protocol?
Presumably this cos of the MS-CHAPv2 single DES break?
If so then it may be worth while mentioning that PEAP-MSCHAPv2 has the same problem with securing wireless networks, tho admittadly thats slightly drifting off topic from what i understand the point of the book to be.
Thanks for the contribution. On Oct 8, 2012 6:23 PM, "Jasper Wallace" notifications@github.com wrote:
Presumably this cos of the MS-CHAPv2 single DES break?
If so then it may be worth while mentioning that PEAP-MSCHAPv2 has the same problem with securing wireless networks, tho admittadly thats slightly drifting off topic from what i understand the point of the book to be.
— Reply to this email directly or view it on GitHubhttps://github.com/cryptoparty/handbook/issues/4#issuecomment-9233273.
Just to explain a bit more about this issue, this is the relevant blog post:
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
Please remove PPTP other than a warning of why not to use it and how to evaluate a VPN provider that offers it. If such a provider offers say, OpenVPN, IPSEC with certs and PPTP, the other solutions may be fine but that they offer it is probably a bad sign.
Per https://twitter.com/marshray/status/255277780495917056 remove all mentions of PPTP as it as an unsecure protocol.