Index: options.pptp

===================================================================

RCS file: /cvsroot/pptpclient/pptp-linux/options.pptp,v

retrieving revision 1.3

diff -u -r1.3 options.pptp

--- options.pptp	26 Mar 2006 23:11:05 -0000	1.3

+++ options.pptp	30 Aug 2012 12:38:36 -0000

@@ -33,17 +33,25 @@

 # Encryption

 # (There have been multiple versions of PPP with encryption support,

-# choose with of the following sections you will use.  Note that MPPE

+# choose which of the following sections you will use.  Note that MPPE

 # requires the use of MSCHAP-V2 during authentication)

+#

+# Note that using PPTP with MPPE and MSCHAP-V2 should be considered

+# insecure:

+# http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2

+# https://github.com/moxie0/chapcrack/blob/master/README.md

+# http://technet.microsoft.com/en-us/security/advisory/2743314

 # http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras

 # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o

+# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module

+# is not allowed and PPTP-MPPE is not available.

 # {{{

 # Require MPPE 128-bit encryption

 #require-mppe-128

 # }}}

-# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec

+# http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec

 # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o

 # {{{

 # Require MPPE 128-bit encryption