[2634] in cryptography@c2.net mail archive
Re: Is PPTP cryptographically secure?
daemon@ATHENA.MIT.EDU (David Jablon)
Tue May 5 15:13:48 1998
Date: Tue, 05 May 1998 09:35:59 -0400
To: Aleph One <aleph1@nationwide.net>, Vin McLellan <vin@shore.net>
From: David Jablon <dpj@world.std.com>
Cc: "NT Security Listserv" <ntsecurity@iss.net>, cryptography@c2.net,
Windows NT BugTraq Mailing List <NTBUGTRAQ@listserv.ntbugtraq.com>
In-Reply-To: <v04003a03b16fc55bc61c@[198.115.179.81]>
I'm glad to see some public discussion of the weaknesses of
challenge/response authentication for passwords.
C.R.A.P. should be replaced with protocols that don't expose
passwords to dictionary attack. For stronger alternatives,
see <http://world.std.com/~dpj/links.html>.
The apparent mis-application of RC4 here too just seems like
icing on the cake for hackers.
------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>
