-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alex wrote: >Que falhas sÃo essas Thiago? onde posso encontrar + >informaÃÃes a respeito?
http://www.google.com/search?q=pptp+security+flaws Cabe lembrar que eu estava enganado. O problema nÃo à o PPTP -- à o Microsoft PPTP. Alguns links selecionados: FAQ: http://www.counterpane.com/pptp-faq.html NotÃcia da Counterpane: http://www.schneier.com/pptp-pressrel.html ComparaÃÃo do IPSec com PPTP: http://www.linux-mag.com/1999-10/trench_02.html Trecho da comparaÃÃo: On the other hand, Microsoft developed its own Point-to-Point Tunneling Protocol (PPTP) to do much the same thing as IPSec. They invented their own authentication protocol, their own hash functions, and their own key-generation algorithm. Every one of these items was badly flawed. Counterpane: According to Mark Chen, CTO of VeriGuard, Inc, a Menlo Park based computer security company, "The flaws in this implementation are quite amateurish." Do FAQ: 1. What did Bruce Schneier and Mudge actually do? They found security flaws in Microsoft PPTP that allow attacks to sniff passwords across the network, [...] They did not find flaws in PPTP, only in Microsoft's implementation of it. 3. How bad is it? Very. Microsoft PPTP is very broken, and there's no real way to fix it without taking the whole thing down and starting over. [...] 4. Doesn't Microsoft know better? You'd think they would. The mistakes they made are not subtle; they're "kindergarten cryptographer" mistakes. [...] 6. What's the answer? Don't use Microsoft PPTP. [...] Even better, if you are a VPN user, use IPSec. - -- Thiago Macieira - Registered Linux user #65028 thiago (AT) macieira (DOT) info ICQ UIN: 1967141 PGP/GPG: 0x6EF45358; fingerprint: E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAdsTIM/XwBW70U1gRAri4AKCLQ3afrYCXmqED3yzRIOCyrSrP9QCgtq/Z r5GuG/+oEt0uX3zcXthbSlY= =IOLu -----END PGP SIGNATURE-----
--------------------------------------------------------------------------- Esta lista � patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br Regras de utiliza��o da lista: http://linux-br.conectiva.com.br FAQ: http://www.zago.eti.br/menu.html
