No, actually, this is a tool that a close friend wrote while working on a test harness for the PPTP protocol. It seems that MS PPTP doesn't quite work as advertised and it was necessary to sniff a ton of sessions to determine the protocol and write the state machine to interface to something other than Winblows as a client or server. I suppose that "releasing" the crack will bring with it notoriety in the community if that's what you're after. Personally, I find it more gratifying to know it can be done and have the prowess to do it than to provide the code to every bored 13y/o on the planet via anonymous ftp.
According to my Microsoft insider, "depends what the client is. If it's NT and uses the NTLM hash, it's quite secure. If it's 9x and uses the LM hash, it's easy to crack. Basically the deal is that 9x clients use a shitty old hash method that's really easy to sniff and crack."
The session hijacked was NT<->NT. With 3DES/Blowfish/etc freely available, why does MS feel the need to _attempt_ to write their own encryption?
Who said they wrote their own encryption? They use RC4 (40 or 128 bit). The problems deal with authentication/key management, not encryption. -mike