Firewall Wizards mailing list archives

Re: PPTP viability (was RE: Gauntlet & NTLM)


From: "Ge' Weijers" <ge () progressive-systems com>
Date: Wed, 15 Oct 1997 10:51:47 -0400 (EDT)

On Tue, 14 Oct 1997, Philip Cox wrote:

> I would like comments on two specific points:

> 1. Is PPTP a viable option for sensitive or possibly classified level
> encryption?

The Microsoft version is not. Microsoft Point-to-Point Encryption is
very flawed, as I found out yesterday. It uses the RC4 stream cipher
with the _same_ key every time. Stream ciphers can't be used like
that. The 128 bit version does not do that, but enough flaws remain not
to bet the company on it. (I suspect they use the same key for traffic
in both directions). It would be relatively trivial to add strong
encryption to PPTP, the tunneling part is probably less susceptible to
attack. 

See ftp://www.microsoft.com/developr/rfc/ for the specs.

> 2. If PPTP is not, what are the other options. (I can think of 2,
> encrypting routers, or code mods to support SSL)

Encrypting routers are a possibility if you're connecting remote
offices. SSL is a possibility if you have source code.

Several firewall manufacturers sell PC clients for their proprietary
tunneling software.

Ge'
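
Why a stream cipher cannot be keyed identically twice, as an added example that is not part of the original post: it uses generic RC4 rather than MPPE's actual key derivation or packet framing, and every key and message in it is constructed.

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 encrypt/decrypt (the same operation in both directions)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample data: hypothetical keys and two equal-length messages.
FIXED_KEY = b"constructed-key!"
KEY_A = b"session-key-AAAA"   # stand-ins for independently derived
KEY_B = b"session-key-BBBB"   # per-session keys
P1 = b"session one: payroll export ok"
P2 = b"session two: vpn login failed."

def reuse_leaks_plaintext_xor() -> bool:
    """Same key twice: the keystream cancels, so c1^c2 == p1^p2."""
    c1, c2 = rc4(FIXED_KEY, P1), rc4(FIXED_KEY, P2)
    return xor(c1, c2) == xor(P1, P2)

def recover_with_known_plaintext() -> bytes:
    """With P1 known, both ciphertexts yield P2 and the key is never needed."""
    c1, c2 = rc4(FIXED_KEY, P1), rc4(FIXED_KEY, P2)
    return xor(xor(c1, c2), P1)

def independent_keys_break_relation() -> bool:
    """Unrelated per-session keys: the keystreams no longer cancel."""
    c1, c2 = rc4(KEY_A, P1), rc4(KEY_B, P2)
    return xor(c1, c2) != xor(P1, P2)

if __name__ == "__main__":
    print("reuse leaks p1^p2:      ", reuse_leaks_plaintext_xor())
    print("recovered second message:", recover_with_known_plaintext())
    print("independent keys are safe:", independent_keys_break_relation())
```

The same cancellation applies when one key encrypts traffic in both directions, since both sides then start from the same keystream.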


