Firewall Wizards mailing list archives
RE: Gauntlet & NTLM
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Mon, 13 Oct 1997 15:30:39 -0400 (EDT)
On Mon, 13 Oct 1997, Craig Brozefsky wrote:
3. The encryption is laughable 40 bit RSA WITHOUT EVER RENEGOTIATING KEYS!!!!! This means I now have tons of data encrypted with the same lame 40 but key, and because of all the encapsulation a good percentage of that is known plaintext from the packet headers (IP/GRE/PPP/IP/TCP). 40 bit is bad enough but without key negotiation over the lifetime of the connection it's severly degraded.
The key is changed every 256 packets, whenever the low byte of MPPE frame's serial number hits 0. All the keys are derived from the original (MS-)CHAP exchange, though, so you do not get perfect forward secrecy. The amount of data sent with one key is limited to 256 * MTU, a couple hundred Kbytes at the most. The TCP control connection can certainly be attacked, but I don't see how that will help the attacker in gaining access to the server side. Denial of service attacks should be relatively easy, though. Ge'
Current thread:
- Gauntlet & NTLM Richard Trott (Oct 13)
- <Possible follow-ups>
- RE: Gauntlet & NTLM Linwood Ferguson (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 13)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)
- RE: Gauntlet & NTLM Aleph One (Oct 14)
- RE: Gauntlet & NTLM Marcus J. Ranum (Oct 14)
- RE: Gauntlet & NTLM Ge' Weijers (Oct 14)
- RE: Gauntlet & NTLM Magossa'nyi A'rpa'd (Oct 15)
- PPTP viability (was RE: Gauntlet & NTLM) Philip Cox (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Adam Shostack (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Craig Brozefsky (Oct 15)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Jyri Kaljundi (Oct 17)
- RE: Gauntlet & NTLM Craig Brozefsky (Oct 13)