1998-06-02 - Re: Counterpane Cracks MS’s PPTP

Header Data

From: Xcott Craver <caj@math.niu.edu>
To: Brad Kemp <kemp@indusriver.com>
Message Hash: 69333a683d052206d34644b2a74756ecd5e3bfbd6c8ee2a6043ae4e387d9abeb
Message ID: <Pine.SUN.3.91.980602151156.23889A-100000@baker>
Reply To: <3.0.3.32.19980602090947.0317cc10@pop3.indusriver.com>
UTC Datetime: 1998-06-02 23:31:53 UTC
Raw Date: Tue, 2 Jun 1998 16:31:53 -0700 (PDT)

Raw message

From: Xcott Craver <caj@math.niu.edu>
Date: Tue, 2 Jun 1998 16:31:53 -0700 (PDT)
To: Brad Kemp <kemp@indusriver.com>
Subject: Re: Counterpane Cracks MS's PPTP
In-Reply-To: <3.0.3.32.19980602090947.0317cc10@pop3.indusriver.com>
Message-ID: <Pine.SUN.3.91.980602151156.23889A-100000@baker>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jun 1998, Brad Kemp wrote:

> It is possible to recover all the clear text from a PPTP session,
> even if most of the traffic is going in one direction only.
> The failure is in MPPE.  When MPPE gets a sequenceing error, it
> resets the key.  This causes the cipher stream to be reset.  It is
> partially covered in section 5.4.

	I really think the XOR weaknesses deserve as much publicity 
	as possible, because they are IMHO the simplest to exploit,
	and the result of the dumbest mistakes.

	So far we have three:  40-bit RC4 uses the same key with every 
	session (!!), the client and server seems to encrypt with the same
	key stream going both ways (!!!), and then this resequencing
	attack.

	Are all three of these fixed?  The certainly aren't 
	"theoretical." 

==-  Xcott Craver -- Caj@niu.edu -- http://www.math.niu.edu/~caj/  -==
"This is a different thing:  it's spontaneous and it's called 'wit.'"
                                                      -The Black Adder

Thread

• Return to June 1998

• Return to “Alan <alan@ctrl-alt-del.com>”
• Return to “Brad Kemp <kemp@indusriver.com>”
• Return to “Chris Wedgwood <chris@cybernet.co.nz>”
• Return to “Dark Knight <DarkKnight@Elitehackers.org>”
• Return to ““Iain Collins” <icollins@scotland.net>”
• Return to “Jim Tatz <jtatz@chemistry.ohio-state.edu>”
• Return to “John Young <jya@pipeline.com>”
• Return to ““Paul H. Merrill” <paulmerrill@acm.org>”
• Return to “Ryan Anderson <ryan@michonline.com>”
• Return to ““William H. Geiger III” <whgiii@invweb.net>”

• Return to “Xcott Craver <caj@math.niu.edu>”

• 1998-06-01 (Mon, 1 Jun 1998 10:33:08 -0700 (PDT)) - Counterpane Cracks MS’s PPTP - John Young <jya@pipeline.com>
  • 1998-06-01 (Mon, 1 Jun 1998 14:38:44 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “William H. Geiger III” <whgiii@invweb.net>
    • 1998-06-02 (Mon, 1 Jun 1998 17:42:49 -0700 (PDT)) - Holy QPRNF, part II (Re: Counterpane Cracks MS’s PPTP) - Xcott Craver <caj@math.niu.edu>
    • 1998-06-02 (Mon, 1 Jun 1998 22:23:25 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Alan <alan@ctrl-alt-del.com>
    • 1998-06-02 (Tue, 2 Jun 1998 04:16:03 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
  • 1998-06-02 (Mon, 1 Jun 1998 20:24:24 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
    • 1998-06-02 (Tue, 2 Jun 1998 08:20:43 -0700 (PDT)) - RE: Counterpane Cracks MS’s PPTP - “Iain Collins” <icollins@scotland.net>
      • 1998-06-02 (Tue, 2 Jun 1998 09:37:48 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “Paul H. Merrill” <paulmerrill@acm.org>
      • 1998-06-02 (Tue, 2 Jun 1998 16:10:10 -0700 (PDT)) - WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
        • 1998-06-02 (Tue, 2 Jun 1998 16:51:48 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
          • 1998-06-03 (Tue, 2 Jun 1998 17:14:27 -0700 (PDT)) - Re: WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
            • 1998-06-03 (Tue, 2 Jun 1998 18:22:02 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
          • 1998-06-03 (Tue, 2 Jun 1998 17:42:52 -0700 (PDT)) - Re: WinNT C2? - Dark Knight <DarkKnight@Elitehackers.org>
            • 1998-06-03 (Tue, 2 Jun 1998 18:46:20 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
              • 1998-06-03 (Tue, 2 Jun 1998 21:32:09 -0700 (PDT)) - Re: WinNT C2? - Dark Knight <DarkKnight@Elitehackers.org>
        • 1998-06-02 (Tue, 2 Jun 1998 16:54:58 -0700 (PDT)) - Re: WinNT C2? - Ryan Anderson <ryan@michonline.com>
  • 1998-06-02 (Tue, 2 Jun 1998 06:09:55 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Brad Kemp <kemp@indusriver.com>
    • 1998-06-02 (Tue, 2 Jun 1998 16:31:53 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Xcott Craver <caj@math.niu.edu>