On Apr 5, 2012, at 10:55 AM, Marsh Ray wrote:

> 
> Wow the crickets are deafening tonight. :-)
> 
> On 04/03/2012 02:29 PM, Marsh Ray wrote:
>> 
>> yields the complete NT hash with complexity 2^57.
>> 
>> The NT hash is a password-equivalent, and it represents the only secret
>> material that goes into the MPPE encryption key derivation.
> 
> So I point out that one of the most commonly-used VPN protocols is completely 
> ineffective and this is the reaction I get? Gee I expected more from you 
> guys. :-) It must be college basketball season or something.

Do you have statistics on that? I remember newer Microsoft and Apple operating 
systems supporting L2Sec quite well. And then there are the Cisco 
abominations of IPSec that are quite common. But maybe not as common as SSL 
VPNs. And let's not forget OpenVPN for the geek faction. Where did you get the 
data that PPTP still is "one of the most commonly-used VPN protocols"?

PPTP might be the path of least resistance in terms of setup, but I'm unsure 
about its current deployment rate.

> Perhaps I just phrased it wrong. Let me try again:
> 
> Hey yall!
> There's this here NSA backdoor still lingering around from the 1990's!
> I guess we know what they wanted that big ole datacenter now for huh?

Marsh, sorry, but that is ridiculous. A high-school kid with a couple of hard 
drives filled with rainbow tables will do as a valid stand-in for the attacker 
in your threat model. Heck, I'd guess there's even a Russian "cloud service" 
for this by now.

-Ralf
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
