Firewall Wizards mailing list archives

RE: PPTP (again)


From: "Shane Mason" <Shane_Mason () securecomputing com>
Date: Thu, 14 May 1998 02:33:16 -0400


Even if it were possible that it were true, what would it gain the NSA?  If
we are talking about two-way encrypted sessions (rather than encrypted
e-mail), then, if the encryption is worth using, the session key is updated
every few minutes, using a signed Diffie-Hellman or some other secured
exchange mechanism.  Two-way communication between known parties would not
be susceptible to this method of attack.

Even the NSA can't break IDEA, or Blowfish, or even RC4-128 in an
afternoon.  They would need a few weeks at least, and the data should be
old by then.  Also, how would they pass data through an encrypted tunnel
that is unique between the two communicating parties?

ICMan




If a great number of security gurus question the security of PPTP, that
by definition makes PPTP an untrusted encryption protocol.
----- Original Message -----
From:   Weld Pond [SMTP:weld () L0PHT COM]
<snip>
This is correct.  All that spam you get for "get rich quick" scams is
actually data the NSA floods  mailboxes and USENET with so that they
have known plaintext passing through encrypted tunnels.
You forgot the smiley.  Surely you jest.
There exists:
- a funded covert (cyberwar) project to compromise some
encryption/security products for intelligence purposes (clipper
contingency plan),
- an overt FBI plan to compromise encryption/security products for 'law
enforcement' purposes (by Louis Freeh),
- a project to place sniffers on all Internet backbones (via Janet
Reno),
- and a plan to put 'Mind control' elements of Psychological Warfare on
Internet sites & postings (Congress, Porter Goss-R Fla.),
but SPAM from the NSA?  Nah!  Too far fetched even for me.
Bill Stout
______________________________________________________________________
Proud member of Hillarys' right wing conspiracy.




