RE: PPTP (again)

From: Shane Mason (Shane_Masonat_private)
Date: Wed May 13 1998 - 23:33:16 PDT

  • Next message: Darren Reed: "REVIEW: "Firewalls Complete", Marcus Goncalves (fwd)"

    Even if it were possible that it were true, what would it gain the NSA?  If
    we are talking about two-way encrypted sessions (rather than encrypted
    e-mail), then, if the encryption is worth using, the session key is updated
    every few minutes, using a signed Diffie-Hellman or some other secured
    exchange mechanism.  Two-way communication between known parties would not
    be suceptible to this method of attack.
    Even the NSA can't break IDEA, or blowfish, or even RC4-128 in an
    afternoon.  They would need a few weeks at least, and the data should be
    old by then.  Also, how would they pass data through an encrypted tunnel
    that is unique between the two communicating parties?
    If a great number of security gurus question the security of PPTP, that
    by definition makes PPTP an untrusted encryption protocol.
    > ----- Original Message -----
    > From:   Weld Pond [SMTP:weldat_private]
    > This is correct.  All that spam you get for "get rich quick" scams is
    > actually data the NSA floods  mailboxes and USENET with so that they
    > have known plaintext passing through encrypted tunnels.
    You forgot the smiley.  Surely you jest.
    There exists:
    - a funded covert (cyberwar) project to compromise some
    encryption/security products for intelligence purposes (clipper
    contingency plan),
    - an overt FBI plan to compromise encryption/security products for 'law
    enforcement' purposes (by Lois Freeh),
    - a project to place sniffers on all Internet backbones (via Janet
    - and a plan to put 'Mind control' elements of Psychological Warfare on
    Internet sites & postings (Congress, Porter Gross-R Fla.),
    but SPAM from the NSA?  Nah!  Too far fetched even for me.
    Bill Stout
    Proud member of Hillarys' right wing conspiracy.

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:14 PDT