Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 18 Jun 2001 18:13:16 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Warner Losh <imp@village.org>
Cc:        mi@aldan.algebra.com, kris@obsecurity.org, brian@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject:   Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c 
Message-ID:  <200106181713.f5IHDGh07847@hak.lan.Awfulhak.org>
In-Reply-To: Message from Warner Losh <imp@village.org>  of "Mon, 18 Jun 2001 11:01:31 MDT." <200106181701.f5IH1Vl57448@billy-club.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
> In message <200106181644.f5IGig097507@misha.privatelabs.com> mi@aldan.algebra.com writes:
> : Well, I'm only planning to use the FreeBSD implementation of the
> : protocol, which, was done from scratch and audited. Or was it not?
> 
> I think Kris is saying that he's not sure that there might not be
> protocol weaknesses that would effectively render the encryption
> useless :-)

Not that I can see, although I'm no encryption expert and haven't 
examined the key-change algorithm.

The MPPE stuff starts with a secret derived from a shared secret 
(which is already used in the challenge-based CHAP 0x81 (MSCHAPv2) 
authentication layer).

The encryption dictionary is initialised using this secret.

The secret is re-generated either every packet (for stateless 
encryption) or every 256 packets (for stateful encryption), and the 
dictionary is re-initialised based on that changed secret.

Missing packets in stateful mode cause a CCP reset request resulting 
in the key being changed.

Sequence numbers wrap at 4096.

A cracker needs to know the initial secret and the initial challenge 
to be able to get in.  He needs to know how many times the sequence 
numbers have wrapped to be able to decrypt a data stream.  I think 
this is reasonable at this level.

With respect to screw-ups in the key-change code.... I can't comment 
as I haven't even looked at that, but it's rc4 based for what that's 
worth.

> Warner

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>;                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106181713.f5IHDGh07847>