Firewall Wizards mailing list archives
Re: PPTP viability (was RE: Gauntlet & NTLM)
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Wed, 15 Oct 1997 10:51:47 -0400 (EDT)
On Tue, 14 Oct 1997, Philip Cox wrote:

> I would like comments on two specific points:
> 1. Is PPTP a viable option for sensitive or possibly classified level encryption?

The Microsoft version is not. Microsoft Point-to-Point Encryption is very flawed, as I found out yesterday. It uses the RC4 stream cipher with the _same_ key every time. Stream ciphers can't be used like that. The 128-bit version does not do that, but enough flaws remain not to bet the company on it. (I suspect they use the same key for traffic in both directions.) It would be relatively trivial to add strong encryption to PPTP; the tunneling part is probably less susceptible to attack. See ftp://www.microsoft.com/developr/rfc/ for the specs.

> 2. If PPTP is not, what are the other options? (I can think of 2, encrypting routers, or code mods to support SSL)

Encrypting routers are a possibility if you're connecting remote offices. SSL is a possibility if you have source code. Several firewall manufacturers sell PC clients for their proprietary tunneling software.

Ge'
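
The keystream-reuse problem the message describes, as an added Python example that is not part of the original post and does not reproduce MPPE's actual key handling: two messages encrypted with RC4 under one key XOR to the XOR of their plaintexts, while distinct per-message keys break that relation. The key, the plaintexts and the `per_message_key` helper are constructed for illustration.

```python
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key schedule, then keystream XORed into data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def per_message_key(master: bytes, counter: int) -> bytes:
    """Hypothetical helper: a distinct RC4 key per message, from a counter."""
    return hashlib.sha256(master + counter.to_bytes(8, "big")).digest()[:16]

# Constructed sample data (equal length so the XOR covers both fully).
KEY = b"constructed-key!"
P1 = b"GET /payroll/q3.xls HTTP/1.0"
P2 = b"USER alice PASS hunter2 ...."

def reuse_leak():
    """Same key twice: the keystream cancels, so c1^c2 == p1^p2.
    Anyone who knows or guesses P1 can then read P2 without the key."""
    c1, c2 = rc4(KEY, P1), rc4(KEY, P2)
    relation_holds = xor(c1, c2) == xor(P1, P2)
    recovered = xor(xor(c1, c2), P1)
    return relation_holds, recovered

def fresh_key_relation():
    """Distinct key per message: the ciphertext XOR no longer equals p1^p2."""
    c1 = rc4(per_message_key(KEY, 0), P1)
    c2 = rc4(per_message_key(KEY, 1), P2)
    return xor(c1, c2) == xor(P1, P2)

if __name__ == "__main__":
    print("reused key:", reuse_leak())
    print("fresh keys, relation holds:", fresh_key_relation())
```

The same cancellation applies when one key protects both directions of a link, which is the case the message suspects.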