Holy QPRNF, part II (Re: Counterpane Cracks MS's PPTP)
> >http://www.counterpane.com/pptp.html

	This has got to be the scariest crypto-related paper I've 
	ever read.  Detailed therein is just an unnatural amount of
	screwing up for any one company, much less one product.

	How many of us had to explain to a sci.crypt newbie why we can't 
	use the same one-time-pad string or cipher stream repeatedly?  Here
	we have Microsoft re-using RC4 keys in OUTPUT FEEDBACK MODE.  In the 
	same session, fer God's sake, you and the server both use the same
	XOR stream to encrypt?  

	This is not a subtle, excusable boo-boo.  It's not even a crypto
	mistake:  it's a basic inability to comprehend what the exclusive-or
	operation does.

	I gotta admit, my first impression was that Schneier, et al, 
	were engaging in a heapin' helpin' of MS-bashing on their page.
	Having read the paper, however, I'm now convinced that they
	brushed too (po-)lightly over some real howlers.  One might
	get the false impression that these are subtle flaws, rather
	than gaping holes from Hell.

	We gotta convince Bill to fire his crypto people, for the
	good of humanity.  I suggest we get the message across by
	sending MS a bunch of t-shirts reading, "Everything I ever
	needed to know about crypto I learned from the LANMAN hash."

							-Xcott

==-  Xcott Craver -- [email protected] -- http://www.math.niu.edu/~caj/  -==
"This is a different thing:  it's spontaneous and it's called 'wit.'"
                                                      -The Black Adder
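As an added example (not part of the post above or of the Counterpane paper), the following Python shows the point the post is making about two directions of one session sharing an RC4 keystream: XORing the two ciphertexts cancels the keystream and leaves the XOR of the plaintexts, so one predictable plaintext recovers the other. RC4 is implemented inline; the key and the two messages are constructed sample values, and the per-direction key derivation in the "fixed" case is an illustration, not PPTP's actual fix.

```python
# Added example: consequence of one RC4 keystream serving both directions.
# Key and plaintexts below are constructed sample values.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream (decryption is identical)."""
    return xor(plaintext, rc4_keystream(key, len(plaintext)))

def recover_other_direction(c_client: bytes, c_server: bytes, known_client_pt: bytes) -> bytes:
    """If both directions used the same keystream K, then
    c_client ^ c_server = (p_client ^ K) ^ (p_server ^ K) = p_client ^ p_server,
    so a known (e.g. protocol-header) client plaintext yields the server plaintext
    with no knowledge of the key at all."""
    return xor(xor(c_client, c_server), known_client_pt)

def demo():
    key = b"constructed-session-key"              # constructed sample session key
    p_client = b"GET /index.html HTTP/1.0\r\n"     # constructed, predictable request
    p_server = b"HTTP/1.0 200 OK\r\nSecret:42"     # constructed response, same length
    n = min(len(p_client), len(p_server))
    # Flawed design: client and server both encrypt under the same key/keystream.
    c_client = encrypt(key, p_client[:n])
    c_server = encrypt(key, p_server[:n])
    leaked = recover_other_direction(c_client, c_server, p_client[:n])
    # Illustrative correction: an independent key per direction, so the
    # keystreams differ and the XOR of ciphertexts no longer cancels anything.
    c_server_fixed = encrypt(key + b"|server->client", p_server[:n])
    not_leaked = recover_other_direction(c_client, c_server_fixed, p_client[:n])
    return leaked, not_leaked, p_server[:n]
```

`demo()` returns the server plaintext recovered from the flawed design, the garbage obtained once the directions use different keys, and the true server plaintext for comparison.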