VPN Gateway Security PPTP vs. L2TP-IPSEC

Discussion in 'privacy technology' started by DavidXanatos, Sep 30, 2008.

Thread Status:
Not open for further replies.
  1. DavidXanatos

    DavidXanatos Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    112
    Location:
    Viena
    Hi,
    I have a question about PPTP vs. L2TP-IPSEC VPN encryption, I know that L2TP is supposed to be better but how much better than PPTP, and is it so also when a "Preshared Key" is used instead of a Certificate?

    How critical is the Entropy of the "Preshared Key" for the security of the L2TP-IPSEC tunnel?
    Is it only needed to authenticate the server/client to prevent man in the middle attacks, or is it also related to the tunnel encryption itself so that an eavesdropper that knows the key (or can brute force it cause its to short) can decrypt the VPN traffic?
    I guess its only for authentication, but its better to ask....
     
    Last edited: Sep 30, 2008
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    David,

    The short answer is that PPTP is not encrypted. That is why you do L2TP, which can be run over IPSec which is encrypted. You want to make sure you have server authentication, otherwise any machine could stand in the middle and say "yeah, it's me". RSA + HMAC all the way.
     
Loading...
Thread Status:
Not open for further replies.