On Thu, Sep 13, 2001 at 10:56:16AM +0800, Ian C. Sison wrote:
> 
> Why is it ineffectual?  As long as the VPN connection is encrypted and
> does not allow snooping by external sources, then the solution is well
> provided for, I believe.
> 

Read an analysis of the protocol:

http://www.counterpane.com/pptp-paper.html

and

http://www.counterpane.com/pptpv2-paper.html

for the details.  Bruce Schneier has even gone so far as to call the
Microsoft implementation of PPTP "kindergarten cryptography"...

The VPN connection may be encrypted, alright, but the encryption keys
used are ultimately derived from the user's password.  And we all know
how small the amount of entropy in a particular password is.... PPTPv1
was even worse in this respect; it used the RC4 encryption algorithm
in such a way as to almost completely negate the use of such
cryptography.

One thing I think you have failed to mention in the requirements for a
good VPN is an effective way of authenticating people that are
connecting to it.  PPTP fails in this respect as well.

The only real VPN solution that is believed to pass muster these days
is IPsec, and even that protocol is thought of not without
reservations, as it's way too complicated.  Complexity is the enemy of
security.

-- 
Rafael R. Sevilla <[EMAIL PROTECTED]>   +63(2)   8177746 ext. 8311
Programmer, InterdotNet Philippines              +63(917) 4458925
http://dido.engr.internet.org.ph/                OpenPGP Key ID: 0x5CDA17D8
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph