1998-06-02 - Re: Counterpane Cracks MS’s PPTP
Header Data
From: Brad Kemp <kemp@indusriver.com>
To: cypherpunks@toad.com
Message Hash: 7b9090c3cd19150b0fa7e7de7cacbc92e522489be57c87bbb89c17026b21bcd8
Message ID: <3.0.3.32.19980602090947.0317cc10@pop3.indusriver.com>
Reply To: <Version.32.19980601122218.00fbc410@pop.pipeline.com>
UTC Datetime: 1998-06-02 13:09:55 UTC
Raw Date: Tue, 2 Jun 1998 06:09:55 -0700 (PDT)
Raw message
From: Brad Kemp <kemp@indusriver.com>
Date: Tue, 2 Jun 1998 06:09:55 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Counterpane Cracks MS's PPTP
In-Reply-To: <Version.32.19980601122218.00fbc410@pop.pipeline.com>
Message-ID: <3.0.3.32.19980602090947.0317cc10@pop3.indusriver.com>
MIME-Version: 1.0
Content-Type: text/plain
This is a good paper. It covered almost all of the failures of MS PPTP.
However, I think it missed a big one.
It is possible to recover all the clear text from a PPTP session,
even if most of the traffic is going in one direction only.
The failure is in MPPE. When MPPE gets a sequenceing error, it
resets the key. This causes the cipher stream to be reset. It is
partially covered in section 5.4 .
Since RC4 is a stream cipher, it generates the same
cipher stream for a given key. This cipher stream is XORed with the clear
text.
To recover the clear text, an attacker just needs to force a
resyncronization by
sending a packet that has a bogus coherency count.
If the attacker captures the original stream and the resynchronized stream
a simple XOR of the two streams results in an XOR of the cleartext.
While compression does make it harder to determine what the cleartext is,
It is likely that a determined attacker can decrypt and decompress the
XORed result.
Brad
Brad Kemp
Indus River Networks, Inc. BradKemp@indusriver.com
31 Nagog Park 978-266-8122
Acton, MA 01720 fax 978-266-8111
Thread
Return to June 1998
- Return to “Alan <alan@ctrl-alt-del.com>”
- Return to “Brad Kemp <kemp@indusriver.com>”
- Return to “Chris Wedgwood <chris@cybernet.co.nz>”
- Return to “Dark Knight <DarkKnight@Elitehackers.org>”
- Return to ““Iain Collins” <icollins@scotland.net>”
- Return to “Jim Tatz <jtatz@chemistry.ohio-state.edu>”
- Return to “John Young <jya@pipeline.com>”
- Return to ““Paul H. Merrill” <paulmerrill@acm.org>”
- Return to “Ryan Anderson <ryan@michonline.com>”
- Return to ““William H. Geiger III” <whgiii@invweb.net>”
Return to “Xcott Craver <caj@math.niu.edu>”
- 1998-06-01 (Mon, 1 Jun 1998 10:33:08 -0700 (PDT)) - Counterpane Cracks MS’s PPTP - John Young <jya@pipeline.com>
- 1998-06-01 (Mon, 1 Jun 1998 14:38:44 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “William H. Geiger III” <whgiii@invweb.net>
- 1998-06-02 (Mon, 1 Jun 1998 17:42:49 -0700 (PDT)) - Holy QPRNF, part II (Re: Counterpane Cracks MS’s PPTP) - Xcott Craver <caj@math.niu.edu>
- 1998-06-02 (Mon, 1 Jun 1998 22:23:25 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Alan <alan@ctrl-alt-del.com>
- 1998-06-02 (Tue, 2 Jun 1998 04:16:03 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
- 1998-06-02 (Mon, 1 Jun 1998 20:24:24 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Chris Wedgwood <chris@cybernet.co.nz>
- 1998-06-02 (Tue, 2 Jun 1998 08:20:43 -0700 (PDT)) - RE: Counterpane Cracks MS’s PPTP - “Iain Collins” <icollins@scotland.net>
- 1998-06-02 (Tue, 2 Jun 1998 09:37:48 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “Paul H. Merrill” <paulmerrill@acm.org>
- 1998-06-02 (Tue, 2 Jun 1998 16:10:10 -0700 (PDT)) - WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
- 1998-06-02 (Tue, 2 Jun 1998 16:51:48 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
- 1998-06-03 (Tue, 2 Jun 1998 17:14:27 -0700 (PDT)) - Re: WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
- 1998-06-03 (Tue, 2 Jun 1998 18:22:02 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
- 1998-06-03 (Tue, 2 Jun 1998 17:42:52 -0700 (PDT)) - Re: WinNT C2? - Dark Knight <DarkKnight@Elitehackers.org>
- 1998-06-03 (Tue, 2 Jun 1998 18:46:20 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
- 1998-06-03 (Tue, 2 Jun 1998 21:32:09 -0700 (PDT)) - Re: WinNT C2? - Dark Knight <DarkKnight@Elitehackers.org>
- 1998-06-03 (Tue, 2 Jun 1998 18:46:20 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
- 1998-06-03 (Tue, 2 Jun 1998 17:14:27 -0700 (PDT)) - Re: WinNT C2? - Jim Tatz <jtatz@chemistry.ohio-state.edu>
- 1998-06-02 (Tue, 2 Jun 1998 16:54:58 -0700 (PDT)) - Re: WinNT C2? - Ryan Anderson <ryan@michonline.com>
- 1998-06-02 (Tue, 2 Jun 1998 16:51:48 -0700 (PDT)) - Re: WinNT C2? - “William H. Geiger III” <whgiii@invweb.net>
- 1998-06-02 (Tue, 2 Jun 1998 08:20:43 -0700 (PDT)) - RE: Counterpane Cracks MS’s PPTP - “Iain Collins” <icollins@scotland.net>
- 1998-06-02 (Tue, 2 Jun 1998 06:09:55 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Brad Kemp <kemp@indusriver.com>
- 1998-06-02 (Tue, 2 Jun 1998 16:31:53 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - Xcott Craver <caj@math.niu.edu>
- 1998-06-01 (Mon, 1 Jun 1998 14:38:44 -0700 (PDT)) - Re: Counterpane Cracks MS’s PPTP - “William H. Geiger III” <whgiii@invweb.net>