1998-06-02 - Holy QPRNF, part II (Re: Counterpane Cracks MS's PPTP)

Header Data

From: Xcott Craver <caj@math.niu.edu>
To: cypherpunks@toad.com
Message Hash: 46c9632fae87d24c2a61f53ce44de391c43f0c3f0564747ed0bb7b989a20bed8
Message ID: <Pine.SUN.3.91.980601175600.22411B-100000@baker>
Reply To: <199806012143.QAA018.23@geiger.com>
UTC Datetime: 1998-06-02 00:42:49 UTC
Raw Date: Mon, 1 Jun 1998 17:42:49 -0700 (PDT)

Raw message

From: Xcott Craver <caj@math.niu.edu>
Date: Mon, 1 Jun 1998 17:42:49 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Holy QPRNF, part II (Re: Counterpane Cracks MS's PPTP)
In-Reply-To: <199806012143.QAA018.23@geiger.com>
Message-ID: <Pine.SUN.3.91.980601175600.22411B-100000@baker>
MIME-Version: 1.0
Content-Type: text/plain



> >http://www.counterpane.com/pptp.html

	This has got to be the scariest crypto-related paper I've 
	ever read.  Detailed therein is just an unnatural amount of
	screwing up for any one company, much less one product.

	How many of us had to explain to a sci.crypt newbie why we can't 
	use the same one-time-pad string or cipher stream repeatedly?  Here
	we have Microsoft re-using RC4 keys in OUTPUT FEEDBACK MODE.  In the 
	same session, fer God's sake, you and the server both use the same
	XOR stream to encrypt?  

	This is not a subtle, excusable boo-boo.  It's not even a crypto
	mistake:  it's a basic inability to comprehend what the exclusive-or
	operation does.

	I gotta admit, my first impression was that Schneier, et al, 
	were engaging in a heapin' helpin' of MS-bashing on their page.
	Having read the paper, however, I'm now convinced that they
	brushed too (po-)lightly over some real howlers.  One might
	get the false impression that these are subtle flaws, rather
	than gaping holes from Hell.

	We gotta convince Bill to fire his crypto people, for the
	good of humanity.  I suggest we get the message across by
	sending MS a bunch of t-shirts reading, "Everything I ever
	needed to know about crypto I learned from the LANMAN hash."

							-Xcott

==-  Xcott Craver -- Caj@niu.edu -- http://www.math.niu.edu/~caj/  -==
"This is a different thing:  it's spontaneous and it's called 'wit.'"
                                                      -The Black Adder
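The keystream reuse the post is shouting about, as an added illustration that is not part of the original message or of the Counterpane paper: both directions of one session encrypted under the same RC4 key, the keystream cancelling out of the XOR of the two ciphertexts, and a per-direction key derivation as an illustrative mitigation (the SHA-256 derivation and the sample packets are assumptions made for this demo, not PPTP's).

```python
import hashlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA), written here only to demonstrate stream reuse."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stream cipher: ciphertext = plaintext XOR keystream
    return xor(plaintext, rc4_keystream(key, len(plaintext)))

# Constructed sample traffic: one packet per direction of one session.
SESSION_KEY = b"constructed-session-key"
CLIENT_MSG = b"GET /secret/report.txt HTTP/1.0\r\n"   # predictable request
SERVER_MSG = b"HTTP/1.0 200 OK\r\nX-Token: abc123\r\n"

def keystream_cancels(key_a: bytes, key_b: bytes) -> bool:
    """True when c1 ^ c2 == p1 ^ p2, i.e. both directions used one keystream."""
    c1, c2 = encrypt(key_a, CLIENT_MSG), encrypt(key_b, SERVER_MSG)
    n = min(len(c1), len(c2))
    return xor(c1[:n], c2[:n]) == xor(CLIENT_MSG[:n], SERVER_MSG[:n])

def recover_with_known_plaintext(key: bytes = SESSION_KEY) -> bytes:
    """Same key both ways: a known client message hands over the server's bytes."""
    c1, c2 = encrypt(key, CLIENT_MSG), encrypt(key, SERVER_MSG)
    n = min(len(c1), len(c2))
    return xor(xor(c1[:n], c2[:n]), CLIENT_MSG[:n])   # == SERVER_MSG[:n]

def direction_key(master: bytes, label: bytes) -> bytes:
    """Illustrative mitigation (assumed, not PPTP's): one key per direction."""
    return hashlib.sha256(master + b"|" + label).digest()
```

With distinct per-direction keys the XOR of the two ciphertexts no longer equals the XOR of the plaintexts, which is the whole point of never sharing a stream.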