-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I think I can sum up PPtP's biggest weakness by telling you that the control connection, including the key exchange, is done in the clear. Only the data channel is encrypted. Therefore, anyone who can sniff the connection can grab the keys and hijack the session or just spoof data. Rob - -----Original Message----- From: Johnson, David [mailto:[EMAIL PROTECTED]] Sent: Monday, November 12, 2001 3:42 PM To: 'Jason Reeves'; [EMAIL PROTECTED] Subject: Microsoft PPTP bad for security? I have actually been just given the task of researching the security implications of MS PPTP. Can you explain why it is bad or point me to some resources on the subject? Thanks - -----Original Message----- From: Jason Reeves [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 11, 2001 1:09 AM To: [EMAIL PROTECTED] Subject: Re: Outlook & FTP Passwords 3) Use a VPN of some type (but NOT Microsoft PPTP!). -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBO/Hs5ea2P6TrxG1EEQJaPQCghoA7FyhiSm89ShGUCzelb191B/sAn0WF IVlzAbBhA9yNziyOmNX8dJk6 =pHm/ -----END PGP SIGNATURE-----
PGPexch.htm.asc
Description: PGPexch.htm.asc
