Firewall Wizards mailing list archives
RE: Gauntlet & NTLM
From: Craig Brozefsky <craig () onshore com>
Date: Mon, 13 Oct 1997 17:25:20 -0500
On Mon, 13 Oct 1997, Ge' Weijers wrote:
On Mon, 13 Oct 1997, Craig Brozefsky wrote:3. The encryption is laughable 40 bit RSA WITHOUT EVER RENEGOTIATING KEYS!!!!! This means I now have tons of data encrypted with the same lame 40 but key, and because of all the encapsulation a good percentage of that is known plaintext from the packet headers (IP/GRE/PPP/IP/TCP). 40 bit is bad enough but without key negotiation over the lifetime of the connection it's severly degraded.The key is changed every 256 packets, whenever the low byte of MPPE frame's serial number hits 0. All the keys are derived from the original (MS-)CHAP exchange, though, so you do not get perfect forward secrecy. The amount of data sent with one key is limited to 256 * MTU, a couple hundred Kbytes at the most.
Where is that documented, if anywhere? The information I read from MS website states that the key is derived from the user credentials. It's pushed thru some permutation of MD4 and there is no mention of key regeneration. Other sources, arguably competitors, state that it does not regenerate keys. The draft itself makes NO mention of encryption, so it is even less an issue now of PPTP, but more of MS's implementation, drawing us ever further into the realm of hacks and tomfoolery MS has called cryptography. Craig Brozefsky craig () onshore com onShore Inc. http://www.onshore.com/~craig Development Team p_priority=PFUN+(p_work/4)+(2*p_cash) I hear my inside, the mechanized hum of another world - Steely Dan
Current thread:
- Gauntlet & NTLM Richard Trott (Oct 13)
- <Possible follow-ups>
- RE: Gauntlet & NTLM Linwood Ferguson (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Aleph One (Oct 14)
- RE: Gauntlet & NTLM Marcus J. Ranum (Oct 14)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 14)
- RE: Gauntlet & NTLM Magossa'nyi A'rpa'd (Oct 15)
- PPTP viability (was RE: Gauntlet & NTLM) Philip Cox (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Adam Shostack (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Craig Brozefsky (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Jyri Kaljundi (Oct 17)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Kent Crispin (Oct 21)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)