Honestly, it's been years since I messed with VPNs and I have not done
methodical research. I suspect VPN industry studies are likely to to be
skewed by selection bias (IT departments who are likely to spend spend
money on a real VPN).

Here's why I think PPTP is still in common use.

* PPTP is supported by Windows XP without any special client software.
So is L2TP/IPsec PSK, but that's not the kind of VPN that users log in
to. Most other solutions seem to involve the admin setting up a PKI
infrastructure. We all know how much fun that is.

* There's a plethora of HOWTO pages for VPNs that use PPTP. E.g.
http://www . chicagotech . net/vpnsetup.htm

* Some sources even treat PPTP as synonymous with VPNs:
http://www . sevenforums .
com/tutorials/4517-virtual-private-network-vpn-enable-incoming-vpn-connections.html
"How to Configure your Computer to Accept Incoming VPN Connections in
Windows 7 [...] Information This will show you how to configure your
computer to accept VPN connection and router settings to allow
Point-to-Point Tunneling Protocol (PPTP) on your Network in Windows 7."

* http://bandwidthcontroller . com/applicationPorts.html
"This table lists the ports used by some of the more popular applications."
PPTP is listed, L2TP/IPsec is not even mentioned.

* http://whatismyipaddress . com/vpn-service
"PPTP is the most common VPN protocol. It uses TCP port 1723 and Generic
Routing Encapsulation (GRE) to secure packets. The main advantage of
PPTP is that all major operating systems and many smartphones can
natively use PPTP without any additional software."

* http://www.wilderssecurity.com/showpost.php?p=1565325&postcount=19
"I'm reading and the only thing I've come across is that MS CHAP v1 is
badly broken and MS CHAP v2 is susceptible to dictionary attacks because
the keys are derived deterministically from the password."

* http://www.sans.org/security-resources/malwarefaq/pptp-vpn.php
Yes, it was a bit silly I admit :-)
I disagree.

There are users who are careful to choose really good passwords. There
are smart folks who are expecting this protocol to provide security
equivalent to the password, at least up to 128 bits. I have talked with
a few of them.

Here's a random example from the web:

http://www . net . princeton . edu/vpn/pptp.html
"If you connect using MS-CHAPv2 and are using a weak password, attackers
can use this tool to discover your password. As this tool relies on a
dictionary search, it should be possible to defend against it by
selecting an extremely strong OIT Windows password."

- Marsh

Perhaps we're overlooking the fact that vast majority of Small & Medium Business VPN implementations are done by hassled IT people, not security experts who care enough to sign up for encryption mailing lists.

Perhaps someone should Scan The Internet(TM) for PPTP (1723/TCP). I assure you it's still very much alive.

Edit: Just did a string search on Shodan (free account) and it returned 240 results for "pptp." Keep in mind that's just in http/ftp server headers/banners, snmp attributes, etc. SFAIK it doesn't index other ports.

PS People "know" passwords are insecure too, but 'password1' is everywhere.

--
bk

"Don't use cryptographic overkill. Even bad crypto is usually the strong part of the system." Adi Shamir, 1995. (http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html)

--Steve Bellovin, https://www.cs.columbia.edu/~smb