I've used various PPTP servers, though not PoPToP in particular. With them you can create encrypted MPPE sessions; 128-bit stateless MPPE with MS-CHAPv2 password authentication is the way to go, I think.
Warning: the following is probably full of bad cryptography terminology and bastardizations because I am not an expert on the matter. Unfortunately MPPE is not entirely secure; there are one or two eavesdropping + brute-force attacks that can be used against it. I believe that because of the rotating hashing function and the weakness of RC4 streams (at least there are different hashes for each direction) one can snoop the packets and eventually come up with the first bunch of bits of the password and then be left with only 65XXX potential combinations that need to be pushed through an NT password cracker to come up with the password and be able to read the encrypted stream. Also, dictionary attacks can be extremely effective against MPPE, so strong passwords are a must.
Overall, is this better than WEP? Yes, I think so. WEP + PPTP tunnels seems like a pretty good way to go, but the VPN/PPTP might make the user feel more secure than they really are. End result: you probably don't want to put the DoD on a PPTP encrypted tunnel system, but I'm sure that it's plenty good for most businesses and all home users. For banks, hospitals, insurance companies, etc., IPsec tunnels over L2TP would be more secure. However, they would also be a giant pain in the butt to set up.
Also, PPTP tunnels are not really light on the CPU. I can only do about 20mb/s of encrypted PPTP on a Duron 900. So this isn't going to work on a Soekris or other SBCs.
Dave
At 10:25 PM 30/06/2003 -0400, you wrote:
Has anyone done any experimenting with PoPToP?
http://poptop.org
My understanding is that it provides the ability to use encrypted PPP sessions with Windows clients without any additional software on the client system.
Does this mean that WISPs (like me & us) could use PoPToP to encrypt "all" the traffic between clients and our systems? This is a concern for me, because "I think that my clients think" that wireless is "insecure". I know I need to educate them about the padlock on the browser, encrypted e-mail, etc., but would using an app like PoPToP allow me to say that I have as secure a system as their old dialup system?
Oh yeah, better put something about smartBridges in here. Does anyone know if there are any incompatibilities between PoPToP and smartBridges equipment?
Erik
The PART-15.ORG smartBridges Discussion List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname>
To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
Archives: http://archives.part-15.org
