1998-06-02 - Holy QPRNF, part II (Re: Counterpane Cracks MS’s PPTP)

Header Data

From: Xcott Craver <caj@math.niu.edu>
To: cypherpunks@toad.com
Message Hash: 46c9632fae87d24c2a61f53ce44de391c43f0c3f0564747ed0bb7b989a20bed8
Message ID: <Pine.SUN.3.91.980601175600.22411B-100000@baker>
Reply To: <199806012143.QAA018.23@geiger.com>
UTC Datetime: 1998-06-02 00:42:49 UTC
Raw Date: Mon, 1 Jun 1998 17:42:49 -0700 (PDT)

Raw message

From: Xcott Craver <caj@math.niu.edu>
Date: Mon, 1 Jun 1998 17:42:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Holy QPRNF, part II (Re: Counterpane Cracks MS's PPTP)
In-Reply-To: <199806012143.QAA018.23@geiger.com>
Message-ID: <Pine.SUN.3.91.980601175600.22411B-100000@baker>
MIME-Version: 1.0
Content-Type: text/plain



> >http://www.counterpane.com/pptp.html

	This has got to be the scariest crypto-related paper I've 
	ever read.  Detailed therein is just an unnatural amount of
	screwing up for any one company, much less one product.

	How many of us had to explain to a sci.crypt newbie why we can't 
	use the same one-time-pad string or cipher stream repeatedly?  Here
	we have Microsoft re-using RC4 keys in OUTPUT FEEDBACK MODE.  In the 
	same session, fer God's sake, you and the server both use the same
	XOR stream to encrypt?  

	This is not a subtle, excusable boo-boo.  It's not even a crypto
	mistake:  it's a basic inability to comprehend what the exclusive-or
	operation does.

	I gotta admit, my first impression was that Schneier, et al, 
	were engaging in a heapin' helpin' of MS-bashing on their page.
	Having read the paper, however, I'm now convinced that they
	brushed too (po-)lightly over some real howlers.  One might
	get the false impression that these are subtle flaws, rather
	than gaping holes from Hell.

	We gotta convince Bill to fire his crypto people, for the
	good of humanity.  I suggest we get the message across by
	sending MS a bunch of t-shirts reading, "Everything I ever
	needed to know about crypto I learned from the LANMAN hash."

							-Xcott

==-  Xcott Craver -- Caj@niu.edu -- http://www.math.niu.edu/~caj/  -==
"This is a different thing:  it's spontaneous and it's called 'wit.'"
                                                      -The Black Adder

Thread

• Return to June 1998

• Return to “Alan <alan@ctrl-alt-del.com>”
• Return to “Brad Kemp <kemp@indusriver.com>”
• Return to “Chris Wedgwood <chris@cybernet.co.nz>”
• Return to “Dark Knight <DarkKnight@Elitehackers.org>”
• Return to ““Iain Collins” <icollins@scotland.net>”
• Return to “Jim Tatz <jtatz@chemistry.ohio-state.edu>”
• Return to “John Young <jya@pipeline.com>”
• Return to ““Paul H. Merrill” <paulmerrill@acm.org>”
• Return to “Ryan Anderson <ryan@michonline.com>”
• Return to ““William H. Geiger III” <whgiii@invweb.net>”

• Return to “Xcott Craver <caj@math.niu.edu>”

• 1998-06-01 (Mon, 1 Jun 1998 10:33:08 -0700 (PDT)) - Counterpane Cracks MS’s PPTP - John Young <jya@pipeline.com>
  • 1998-06-01 (Mon, 1 Jun 1998 14:38:44 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “William H. Geiger III” <whgiii@invweb.net>
    • 1998-06-02 (Mon, 1 Jun 1998 17:42:49 -0700 (PDT)) - Holy QPRNF, part II (Re: Counterpane Cracks MS’s PPTP) - Xcott Craver <caj@math.niu.edu>
    • 1998-06-02 (Mon, 1 Jun 1998 22:23:25 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Alan <alan@ctrl-alt-del.com>
    • 1998-06-02 (Tue, 2 Jun 1998 04:16:03 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
  • 1998-06-02 (Mon, 1 Jun 1998 20:24:24 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
    • 1998-06-02 (Tue, 2 Jun 1998 08:20:43 -0700 (PDT)) - RE: Counterpane Cracks MS’s PPTP - “Iain Collins” <icollins@scotland.net>
      • 1998-06-02 (Tue, 2 Jun 1998 09:37:48 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “Paul H. Merrill” <paulmerrill@acm.org>
      • 1998-06-02 (Tue, 2 Jun 1998 16:10:10 -0700 (PDT)) - WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
        • 1998-06-02 (Tue, 2 Jun 1998 16:51:48 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
          • 1998-06-03 (Tue, 2 Jun 1998 17:14:27 -0700 (PDT)) - Re: WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
            • 1998-06-03 (Tue, 2 Jun 1998 18:22:02 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
          • 1998-06-03 (Tue, 2 Jun 1998 17:42:52 -0700 (PDT)) - Re: WinNT C2? - Dark Knight <DarkKnight@Elitehackers.org>
            • 1998-06-03 (Tue, 2 Jun 1998 18:46:20 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
              • 1998-06-03 (Tue, 2 Jun 1998 21:32:09 -0700 (PDT)) - Re: WinNT C2? - Dark Knight <DarkKnight@Elitehackers.org>
        • 1998-06-02 (Tue, 2 Jun 1998 16:54:58 -0700 (PDT)) - Re: WinNT C2? - Ryan Anderson <ryan@michonline.com>
  • 1998-06-02 (Tue, 2 Jun 1998 06:09:55 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Brad Kemp <kemp@indusriver.com>
    • 1998-06-02 (Tue, 2 Jun 1998 16:31:53 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Xcott Craver <caj@math.niu.edu>