Counterpane Cracks MS's PPTP

Xcott Craver caj at math.niu.edu
Tue Jun 2 16:31:53 PDT 1998


On Tue, 2 Jun 1998, Brad Kemp wrote:

> It is possible to recover all the clear text from a PPTP session,
> even if most of the traffic is going in one direction only.
> The failure is in MPPE.  When MPPE gets a sequenceing error, it
> resets the key.  This causes the cipher stream to be reset.  It is
> partially covered in section 5.4.

	I really think the XOR weaknesses deserve as much publicity 
	as possible, because they are IMHO the simplest to exploit,
	and the result of the dumbest mistakes.

	So far we have three:  40-bit RC4 uses the same key with every 
	session (!!), the client and server seems to encrypt with the same
	key stream going both ways (!!!), and then this resequencing
	attack.

	Are all three of these fixed?  The certainly aren't 
	"theoretical." 

==-  Xcott Craver -- Caj at niu.edu -- http://www.math.niu.edu/~caj/  -==
"This is a different thing:  it's spontaneous and it's called 'wit.'"
                                                      -The Black Adder







More information about the cypherpunks-legacy mailing list