Firewall Wizards mailing list archives
RE: PPTP viability (was RE: Gauntlet & NTLM)
From: "Ge' Weijers" <ge () progressive-systems com>
Date: Thu, 16 Oct 1997 11:53:15 -0400 (EDT)
Phil,
2. PPTP 128-bit (MPPE) is still flawed. (though no one has given any solid evidence to this, except to allude to the M$ track record, and current PPTP 40-bit problems)
I have a grave suspicion that MPPE uses the same key in both directions. MPPE uses RC4, a stream cipher, and it's therefor insecure, because if the two ciphertexts are exclusive-ored you get the exclusive-ored plaintexts. With a bit of guesswork an attacker can gain a lot of information. Windows NT does not have good support for security out of the box. I don't have any experience with the other products you named, I use SSH for most purposes. Ge' Weijers Voice: (614)326 4600 Progressive Systems, Inc. FAX: (614)326 4601 2000 West Henderson Rd. Suite 400 Columbus, OH 43220 http://www.Progressive-Systems.com
Current thread:
- RE: PPTP viability (was RE: Gauntlet & NTLM) Russ (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Phil Cox (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 17)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Ge' Weijers (Oct 21)
- <Possible follow-ups>
- Re: PPTP viability (was RE: Gauntlet & NTLM) John McDermott (Oct 17)
- Re: PPTP viability (was RE: Gauntlet & NTLM) Steve Kruse (Oct 18)
- RE: PPTP viability (was RE: Gauntlet & NTLM) Phil Cox (Oct 17)