[svlug] PPTP?

Rick Moen rick at linuxmafia.com
Sun Jul 22 22:42:02 PDT 2001


begin George Bonser quotation:

> I am not claiming that PPTP is any good, I am just saying that
> sometimes you are forced to operate with it and no amount of
> complaining is going to make management change their stance. 

Well, I'm not -- and I'm not going to assist in implementing a strategic
error.  I would not help my neighbour build a shed that was likely to
collapse, either.

> As for the 128-bit brute force ...

40-bit, most places.  And l0phtcrack is _not_ brute-forcing, not by a
country mile.

And further, as I said, once you've cracked any of the authentication
keys for PPTP, you're essentially in forever.  By contrast, somehow
grabbing a session key from SSH will do you little good, because it's
not reused.

> The EFF ( not exactly the deepest pocketed cracker ) built a piece of
> hardware that won RSA's DES Challenge II in less than 3 days as opposed to
> 39 days by a network of tens of thousands of systems. 

You're changing the subject, again.   That's brute-forcing.

> The other point is that even 40 bit security is enough to keep a single PC
> busy for a few years. 

So, you want to set up 40-bit MS-PPTP, and set me loose against it?  How
much do you want to wager that it'd require "a few years" to crack it
using a single PC?

> On my long-haul VPN links I use a 128-bit key with blowfish. The key
> changes every 15 minutes. 

Exactly.  Compare that against PPTP -- especially MS-PPTP -- and you'll
see my point.

> For people simply working at home and need to get their email on the
> private network, PPTP is just fine.

Definitely not from where I stand.

-- 
Cheers,           "I don't like country music, but I don't mean to denigrate
Rick Moen         those who do.  And, for the people who like country music,
rick at linuxmafia.com         denigrate means 'put down'."      -- Bob Newhart



