Firewall Wizards mailing list archives
RE: PPTP viability (was RE: Gauntlet & NTLM)
From: Russ <Russ.Cooper () rc on ca>
Date: Thu, 16 Oct 1997 06:51:20 -0400
The Microsoft version is not. Microsoft Point-to-Point Encryption is very flawed, as I found out yesterday. It uses the RC4 stream cipher with the _same_ key every time. Stream ciphers can't be used like that.
The 40-bit version of MPPE (Microsoft Point-to-Point Encryption) uses an obfuscated version of the user's password hashed using the LanManager method as a session key. There is no challenge/response here, hence the value will be identical every time its used. (since w95 and lower don't do c/r, this is the only method they'd understand).
The 128 bit version does not do that
The 128-bit version does do challenge/response, as well as the NT method of hashing, so the session key will be different every time. The challenge, used with the hash to create the session key, should also be different every time and should be generated according to normal CHAP challenge generation rules.
but enough flaws remain not to bet the company on it. (I suspect they use the same key for traffic in both directions).
Probably true, however I wonder which key is used when callback is enabled with Routing and RAS. L2TP is available for use with NT 5.0 beta 1 from the same ftp://ftp.microsoft.com/developr/rfc directory. Cheers, Russ
Current thread:
- RE: PPTP viability (was RE: Gauntlet & NTLM) Russ (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Phil Cox (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 21)
- <Possible follow-ups>
- Re: PPTP viability (was RE: Gauntlet & NTLM) John McDermott (Oct 17)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Steve Kruse (Oct 18)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Phil Cox (Oct 17)