The praise of GnuPG @31C3
Robert J. Hansen
rjh at sixdemonbag.org
Thu Jan 1 03:40:01 CET 2015
> If anyone has a reference ...
Not a reference, but some history —
Microsoft’s point-to-point tunneling protocol version 1.0 was a miserable failure. Version 2.0 closed up many of those holes and was widely regarded as secure, except for a configuration option which was on by default: “Enable backwards compatibility.” So to exploit a PPTP 2.0 connection, you just had to connect and give it a 1.0 handshake, at which point it would fall back into an insecure mode.
The protocol was secure: you just had to configure it correctly. The server was correctly implemented. It’s just that it was shipped in a completely broken state, most system administrators didn’t know it and/or didn’t check it, and as a result it was pretty much useless.
A secure protocol must be used correctly in order to provide communications security. Too often people completely lose sight of that and don’t even introduce it into their discussions. So — discuss. If you use ssh and trust it, how do you know that you’re using it correctly? How do you know the people who connect to your system are? Etc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3634 bytes
Desc: not available
URL: </pipermail/attachments/20141231/a925c15f/attachment.bin>
More information about the Gnupg-users
mailing list