From: Xcott Craver <caj@math.niu.edu>
To: Brad Kemp <kemp@indusriver.com>
Message Hash: 69333a683d052206d34644b2a74756ecd5e3bfbd6c8ee2a6043ae4e387d9abeb
Message ID: <Pine.SUN.3.91.980602151156.23889A-100000@baker>
Reply To: <3.0.3.32.19980602090947.0317cc10@pop3.indusriver.com>
UTC Datetime: 1998-06-02 23:31:53 UTC
Raw Date: Tue, 2 Jun 1998 16:31:53 -0700 (PDT)
From: Xcott Craver <caj@math.niu.edu>
Date: Tue, 2 Jun 1998 16:31:53 -0700 (PDT)
To: Brad Kemp <kemp@indusriver.com>
Subject: Re: Counterpane Cracks MS's PPTP
In-Reply-To: <3.0.3.32.19980602090947.0317cc10@pop3.indusriver.com>
Message-ID: <Pine.SUN.3.91.980602151156.23889A-100000@baker>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 2 Jun 1998, Brad Kemp wrote:
> It is possible to recover all the clear text from a PPTP session,
> even if most of the traffic is going in one direction only.
> The failure is in MPPE. When MPPE gets a sequenceing error, it
> resets the key. This causes the cipher stream to be reset. It is
> partially covered in section 5.4.
I really think the XOR weaknesses deserve as much publicity
as possible, because they are IMHO the simplest to exploit,
and the result of the dumbest mistakes.
So far we have three: 40-bit RC4 uses the same key with every
session (!!), the client and server seems to encrypt with the same
key stream going both ways (!!!), and then this resequencing
attack.
Are all three of these fixed? The certainly aren't
"theoretical."
==- Xcott Craver -- Caj@niu.edu -- http://www.math.niu.edu/~caj/ -==
"This is a different thing: it's spontaneous and it's called 'wit.'"
-The Black Adder
Return to June 1998
Return to “Xcott Craver <caj@math.niu.edu>”