|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: PPP over Ethernet?
>No, actually, this is a tool that a close friend wrote while working on a >test harness for the PPTP protocol. It seems that MS PPTP doesn't quite >work as advertized and it was necessary to sniff a ton of sessions to >determine the protocol and write the state machine to interface to >something other than Winblows as a client or server. I suppose that >"releasing" the crack will brings with it notoriety in the community if >that's what you're after. Personally, I find it more gratifying to know it >can be done and have the prowess to do it than to provide the code to every >bored 13y/o on the planet via anonymous ftp. > >>According to my Microsoft insider, "depends what the client is. If it's >>NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the >>LM hash, it's easy to crack. Basically the deal is that 9x clients use >>a shitty old hash method that's really easy to sniff and crack." > >The session hijacked was NT<->NT. With 3DES/Blowfish/etc freely available, >why does MS feel the need to _attempt_ to write their own encryption? Who said they wrote their own encryption? They use RC4 (40 or 128 bit). The problems deal with authentication/key management, not encryption. -mike |