rick at linuxmafia.com
Sun Jul 22 22:42:02 PDT 2001
begin George Bonser quotation:
> I am not claiminmg that PPTP is any good, I am just saying that
> sometimes you are forced to operate with it and no amount of
> complaining is going to make management change their stance.
Well, I'm not -- and I'm not going to assist in implementing a strategic
error. I would not help my neighbour build a shed that was likely to
> As for the 128-bit brute force ...
40-bit, most places. And l0phtcrack is _not_ brute-forcing, not by a
And further, as I said, once you've cracked any of the authentication
keys for PPTP, you're essentially in forever. By contrast, somehow
grabbing a session key from SSH will do you little good, because it's
> The EFF ( not exactly the deepest pocketed cracker ) built a piece of
> hardware that won RSA's DES Challange II in less than 3 days as opposed to
> 39 days by a network of tens of thousands of systems.
You're changing the subject, again. That's brute-forcing.
> The other point is that even 40 bit security is enough to keep a single PC
> busy for a few years.
So, you want to set up 40-bit MS-PPTP, and set me loose against it? How
much to you want to wager that it'd require "a few years" to crack it
using a single PC?
> On my long-haul VPN links I use a 128-bit key with blowfish. The key
> changes every 15 minutes.
Exactly. Compare that against PPTP -- especially MS-PPTP -- and you'll
see my point.
> For people simply working at home and need to get their email on the
> private network, PPTP is just fine.
Definitely not from where I stand.
Cheers, "I don't like country music, but I don't mean to denigrate
Rick Moen those who do. And, for the people who like country music,
rick at linuxmafia.com denigrate means 'put down'." -- Bob Newhart
More information about the svlug