Firewall Wizards mailing list archives
RE: PPTP (again)
From: "Stout, William" <StoutB () pioneer-standard com>
Date: Fri, 15 May 1998 13:40:35 -0400
First of all, apologies to the list and Weld for replying to the wrong list. I kept quiet since I thought no one would notice my dumb mistake ;).

Secondly, these are borderline firewall issues, and probably are more appropriate to the firewalls-list than firewall-wizards. The thread of PPTP insecurities is on the NTBUGTRAQ list.

Background: Nial Smart said:
It seems to me that changing the RC4 key each packet is not enough. Consider the case where an attacker can predict a reasonably large proportion of the (unencrypted) contents of the packets going in one direction; in this case the attacker can simply XOR the ciphertexts to produce the XOR of the plaintexts, then XOR this with the plaintext he knows to produce the plaintexts of the other packet.
Weld Pond replied:
This is correct. All that spam you get for "get rich quick" scams is actually data the NSA floods mailboxes and USENET with so that they have known plaintext passing through encrypted tunnels.
Which I challenged, noting a limited number of 'wild but true' items I know about:
- a funded covert (cyberwar) project to compromise some encryption/security products for intelligence purposes (clipper contingency plan). From confidential sources internal and external to the gov't - also makes sense, it's 'what they do', why wouldn't they?
- an overt FBI plan to compromise encryption/security products for 'law enforcement' purposes (by Louis Freeh), http://www.jya.com/gakbill-text.htm .
- a project to place sniffers on all Internet backbones (via Janet Reno), (CALEA) http://zeus.bna.com/e-law/docs/reno.html, http://www.usdoj.gov/ag/speeches/mar1998.htm, which was actually passed as an Act in Congress in 1994 and discussed in an International Law Enforcement Conference http://www.fbi.gov/dirspch/davos.htm.
- and a plan to put 'Mind control' elements of Psychological Warfare on Internet sites & postings (Congress, Porter Goss, R-Fla.), CIA Iraq story (password site) http://www.mercurycenter.com/premium/nation/docs/cia11.htm San Jose Mercury News "Budget cuts hobbled CIA on Iraq, lawmaker says".

I did find one source for SPAM from the FBI: http://www.firstbase.com/fbi.htm .

Bill Stout
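
The keystream-reuse problem described in the quoted background above, as an added example that is not part of the original post: it assumes two packets end up encrypted under the same RC4 key, and shows that XORing the ciphertexts with one known plaintext yields the other plaintext. The sample packets, the session key, and the `direction_key` derivation with its labels are constructed for illustration and are not taken from PPTP.

```python
import hashlib
import hmac

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover(ct_known: bytes, known_plain: bytes, ct_other: bytes) -> bytes:
    """C1 xor C2 equals P1 xor P2 when the keystream repeats; XOR out P1."""
    return xor(xor(ct_known, ct_other), known_plain)

def direction_key(session_key: bytes, label: bytes) -> bytes:
    """Hypothetical mitigation: derive a distinct RC4 key per direction."""
    return hmac.new(session_key, label, hashlib.sha256).digest()[:16]

# Constructed sample data (equal length so every byte lines up).
SESSION_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
PREDICTABLE = b"GET /index.html HTTP/1.0\r\n"   # content an observer can guess
SECRET = b"USER alice PASS hunter2!\r\n"        # content the tunnel should hide

def shared_key_leak() -> bytes:
    """Both packets under the same key: the observer recovers SECRET."""
    c1, c2 = rc4(SESSION_KEY, PREDICTABLE), rc4(SESSION_KEY, SECRET)
    return recover(c1, PREDICTABLE, c2)

def split_key_leak() -> bytes:
    """Per-direction keys: the same XOR trick yields only noise."""
    c1 = rc4(direction_key(SESSION_KEY, b"client-to-server"), PREDICTABLE)
    c2 = rc4(direction_key(SESSION_KEY, b"server-to-client"), SECRET)
    return recover(c1, PREDICTABLE, c2)

if __name__ == "__main__":
    print("same keystream :", shared_key_leak())
    print("separate keys  :", split_key_leak().hex())
```

With a shared key the recovery needs no key material at all, which is why a stream cipher keystream must never cover two different plaintexts.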