From owner-freebsd-security  Sat Aug 19  0:16:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
	by hub.freebsd.org (Postfix) with ESMTP id 36E0C37B422
	for <freebsd-security@FreeBSD.ORG>; Sat, 19 Aug 2000 00:16:44 -0700 (PDT)
Received: from grimreaper.grondar.za (mark@localhost [127.0.0.1])
	by grimreaper.grondar.za (8.11.0/8.11.0) with ESMTP id e7J7H0G22330;
	Sat, 19 Aug 2000 09:17:00 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200008190717.e7J7H0G22330@grimreaper.grondar.za>
To: Jim Durham <durham@w2xo.pgh.pa.us>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: PPTP 
References: <Pine.BSF.4.21.0008190352180.29632-100000@w2xo.w2xo.pgh.pa.us> 
In-Reply-To: <Pine.BSF.4.21.0008190352180.29632-100000@w2xo.w2xo.pgh.pa.us> ; from Jim Durham <durham@w2xo.pgh.pa.us>  "Sat, 19 Aug 2000 03:57:08 GMT."
Date: Sat, 19 Aug 2000 09:17:00 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Does anyone have any advice regarding security problems caused by
> PPTP using PopTop on FreeBSD?
> 
> We'd like to implement this, but I'm a little nervous about it,
> having heard that the cypher has been cracked. Is this true?
> How about root access from buffer overflows, etc?

Look on Bruce Schneier's site - http://www.counterpane.com (take
the "labs" link). He has a cryptanalysis of PPTP there that may be
what you are looking for.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message