On December 12, bryan.hunt at ossidian.com said:
>> Thing is thought that using MPPE will make your connection secured is
> the security problem that they refer to at the end the crap security in the
> windows sam files ?
Not really, other than that it shares the authentication method of the
various windows security hives. It's a brute-force attack on the
password, having retrieved the password hash off the wire. It's
similar in technique to brute-forcing /etc/password.
> But if the clients are windows that's something that you will be used to
> though?
I'm not really sure what this comment is meant to imply - that you
should disregard security if you're used to insecurity?
> Is the advantage then with ipsec that the keys are encrypted using industry
> standard symmetric encryption with a passphrase?
Yes and no. FreeSWAN, an IPSEC implementation, forces security on you
to a certain extent because they've basically refused to implement
a few of the less secure options. IPSEC on a Cisco router can be set
to use e.g. single instead of triple DES. And if you use Shared Secret
keying, you're opening yourself up in a different way. The main
difference between PPTP and IPSEC from an attacker's point of view is
- as I understand it, note - that it's a lot harder to get at the
equivalent of a password hash in an IPSEC session.
waider at waider.ie / Yes, it /is/ very personal of me.
"One or more sentences in this post have been over-leavened with
sarcasm and/or irony. The author fully expects to be misunderstood
because of this, you illiterate morons. He doesn't care." - AjD
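
An added example, not part of the original post: a small audit of Cisco IOS-style IPsec configuration for the two weaker choices mentioned above, single DES and shared-secret keying. The sample configuration is constructed for illustration, and the function name `audit_ipsec_config` is hypothetical.

```python
import re

# Constructed sample of Cisco IOS-style configuration (not from the original post).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
 group 1
crypto isakmp policy 20
 encryption 3des
 hash sha
 authentication rsa-sig
 group 2
crypto ipsec transform-set WEAK esp-des esp-md5-hmac
crypto ipsec transform-set OK esp-3des esp-sha-hmac
"""

def audit_ipsec_config(text):
    """Return (context, finding) tuples for single DES and pre-shared keys."""
    findings = []
    context = None  # the ISAKMP policy block we are currently inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:
            context = f"isakmp policy {m.group(1)}"
            continue
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            context = None
            # Exact token match so that esp-3des is not flagged.
            if "esp-des" in m.group(2).split():
                findings.append((f"transform-set {m.group(1)}", "single DES"))
            continue
        if not raw.startswith(" "):
            context = None  # any other top-level command ends the policy block
            continue
        if context:
            if re.match(r"encr(yption)? des$", line):
                findings.append((context, "single DES"))
            elif line == "authentication pre-share":
                findings.append((context, "shared-secret keying"))
    return findings

if __name__ == "__main__":
    for where, what in audit_ipsec_config(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```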