On Apr 5, 2012, at 5:51 10PM, James A. Donald wrote:

> On 2012-04-05 6:55 PM, Marsh Ray wrote:
> > So I point out that one of the most commonly-used VPN protocols is
> > completely ineffective and this is the reaction I get? Gee I expected
> > more from you guys. :-)
> >
> > Perhaps I just phrased it wrong. Let me try again:
> >
> > Hey yall!
> > There's this here NSA backdoor still lingering around from the 1990's!
> > I guess we know what they wanted that big ole datacenter now for huh?
> 
> One of the most commonly-used VPN protocols is completely ineffective. Also, 
> the pope is Catholic, and bears shit in the wood.
> 
> When I set up a vpn, what usually happens is that the package offers me two 
> protocols, one that it deprecates as insecure (MS PPTP), and openvpn
> 
> The setup info or the web page tells me that MS PPTP has the great advantage 
> that it is built in to Microsoft, and the great disadvantage that it is not 
> secure.
> 
> So I think that pretty much everyone has already heard that MS PPTP is 
> insecure.  Every time I set up a vpn, I am re-reminded, just in case.


"Don't use cryptographic overkill.  Even bad crypto is usually the strong part 
of the system."  Adi Shamir, 1995.  
(http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html)

                --Steve Bellovin, https://www.cs.columbia.edu/~smb





_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to