Firewall Wizards mailing list archives
Re: Gauntlet & NTLM (PPTP weekness)
From: Chris Boscolo <chris.boscolo () watchguard com>
Date: Tue, 14 Oct 1997 11:51:11 -0700
Ge' Weijers wrote:
MPPE is somewhat flawed:
- 40 bit encryption is not enough for high security
- MD4 has been successfully cryptanalyzed, though that research may not be relevant because MD4 is not used as a MAC here
- if the key is ever compromised all old traffic can be decrypted

MPPE is not trivial to crack, though. RC4 is a decent cipher, known weak keys are avoided, and the key is changed at regular intervals. I would not recommend it to customers who are afraid of (industrial) espionage by wealthy competitors, though, especially not the 40-bit version. It all depends on what you're trying to protect.

Ge'

One thing to note, the cipher alone is not what makes an encryption protocol good or bad. MPPE has an interesting weakness for man-in-the-middle type attacks.

Here's the scoop. With RC4 the data is XOR'd with the pseudo-random sequence seeded with the password. If you encrypt two blocks of data with a reinitialized RC4 context, and you can make some guess at the original data, you can decrypt the second block, and every block following (if they too were encrypted with a reinitialized context).

The way MPPE deals with this is by sending a coherency count with each packet. So, when you receive a packet you check its coherency count, and if it is one greater than the last packet received, then you use your existing RC4 context. This is safe.

The problem arises if a packet is dropped. When this happens, the receiver of the packet sends back a CCP Reset-Request. The sender then reinitializes its RC4 context.

There are a couple of ways to attack based on this. One is that you could forge CCP Reset-Requests back to a client, causing it to continue to send packets out with a reinitialized RC4 context.

- chrisb
--
Chris Boscolo chris.boscolo () WatchGuard com
WatchGuard Technologies (206) 521-8348
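
The keystream-reuse problem described in the message above, as an added example that is not part of the original post or of any MPPE implementation: a simplified model comparing a sender that reinitializes its RC4 context for every packet with one that keeps its existing context. The key, packet contents and function names are constructed for illustration, and no MPPE framing, coherency count or key derivation is modelled.

```python
# Added illustration: toy model of RC4 context reinitialization, not MPPE itself.

def rc4_stream(key: bytes):
    """Yield RC4 keystream bytes (standard key schedule, then output loop)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_packets(key: bytes, packets, reset_each: bool):
    """Encrypt packets in order. reset_each=True models a sender that
    reinitializes its RC4 context before every packet."""
    stream = rc4_stream(key)
    out = []
    for p in packets:
        if reset_each:
            stream = rc4_stream(key)  # keystream restarts at byte 0
        ks = bytes(next(stream) for _ in p)
        out.append(xor(p, ks))
    return out

def recover(c_known: bytes, p_known: bytes, c_target: bytes) -> bytes:
    """Observer's view: keystream = c_known XOR p_known, applied to c_target."""
    return xor(c_target, xor(c_known, p_known))

KEY = bytes.fromhex("0102030405")                     # constructed 40-bit key
PACKETS = [b"GET /index.html ", b"password=hunter2"]  # constructed, 16 bytes each

def demo():
    """Return what an observer who knows packet 0 derives for packet 1
    under (reinitialized context, continuing context)."""
    reset = encrypt_packets(KEY, PACKETS, reset_each=True)
    cont = encrypt_packets(KEY, PACKETS, reset_each=False)
    return (recover(reset[0], PACKETS[0], reset[1]),
            recover(cont[0], PACKETS[0], cont[1]))

if __name__ == "__main__":
    print(demo())
```

With the reinitialized context the first value is the second packet's plaintext; with the continuing context it is not, which matches the post's point that using the existing RC4 context is the safe case.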