RE: Gauntlet & NTLM

[Aleph One <aleph1 () dfw net>]

On Mon, 13 Oct 1997, Craig Brozefsky wrote:

> Where is that documented, if anywhere?  The information I read from MS 
> website states that the key is derived from the user credentials.  It's 
> pushed thru some permutation of MD4 and there is no mention of key 
> regeneration.  Other sources, arguably competitors, state that it does 
> not regenerate keys.  The draft itself makes NO mention of encryption, so 
> it is even less an issue now of PPTP, but more of MS's implementation,
> drawing us ever further into the realm of hacks and tomfoolery MS has 
> called cryptography.

I dont know where the perticular apropiate draft or RFC is but the reason
the draft mentions no encryption is because its not it's job to do so.
PPTP uses PPP's security extensions to encrypt the tunnel. You should
be looking at the PPP RFC's or drafts.

> Craig Brozefsky              craig () onshore com
> onShore Inc.                 http://www.onshore.com/~craig
> Development Team             p_priority=PFUN+(p_work/4)+(2*p_cash)
> I hear my inside, the mechanized hum of another world - Steely Dan

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01