On Apr 5, 2012, at 5:51 10PM, James A. Donald wrote: > On 2012-04-05 6:55 PM, Marsh Ray wrote: > > So I point out that one of the most commonly-used VPN protocols is > > completely ineffective and this is the reaction I get? Gee I expected > > more from you guys. :-) > > > > Perhaps I just phrased it wrong. Let me try again: > > > > Hey yall! > > There's this here NSA backdoor still lingering around from the 1990's! > > I guess we know what they wanted that big ole datacenter now for huh? > > One of the most commonly-used VPN protocols is completely ineffective. Also, > the pope is Catholic, and bears shit in the wood. > > When I set up a vpn, what usually happens is that the package offers me two > protocols, one that it deprecates as insecure (MS PPTP), and openvpn > > The setup info or the web page tells me that MS PPTP has the great advantage > that it is built in to Microsoft, and the great disadvantage that it is not > secure. > > So I think that pretty much everyone has already heard that MS PPTP is > insecure. Every time I set up a vpn, I am re-reminded, just in case.
"Don't use cryptographic overkill. Even bad crypto is usually the strong part of the system." Adi Shamir, 1995. (http://www.ieee-security.org/Cipher/ConfReports/conf-rep-Crypto95.html) --Steve Bellovin, https://www.cs.columbia.edu/~smb _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
