Re: PPP over Ethernet?

["Michael Nelson" <mikenel () iapetus com>]

> No, actually, this is a tool that a close friend wrote while working on a
> test harness for the PPTP protocol.  It seems that MS PPTP doesn't quite
> work as advertized and it was necessary to sniff a ton of sessions to
> determine the protocol and write the state machine to interface to
> something other than Winblows as a client or server.  I suppose that
> "releasing" the crack will brings with it notoriety in the community if
> that's what you're after.  Personally, I find it more gratifying to know it
> can be done and have the prowess to do it than to provide the code to every
> bored 13y/o on the planet via anonymous ftp.
>
> > According to my Microsoft insider, "depends what the client is. If it's
> > NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the
> > LM hash, it's easy to crack. Basically the deal is that 9x clients use
> > a shitty old hash method that's really easy to sniff and crack."
>
> The session hijacked was NT<->NT.  With 3DES/Blowfish/etc freely available,


> why does MS feel the need to  _attempt_ to write their own encryption?

Who said they wrote their own encryption? They use RC4 (40 or 128 bit). The
problems deal with authentication/key management, not encryption.

-mike