The praise of GnuPG @31C3
Robert J. Hansen
rjh at sixdemonbag.org
Thu Jan 1 03:46:53 CET 2015
> Microsoft’s point-to-point tunneling protocol version 1.0 was a miserable failure. Version 2.0 closed up many of those holes and was widely regarded as secure, except for a configuration option which was on by default: “Enable backwards compatibility.” So to exploit a PPTP 2.0 connection, you just had to connect and give it a 1.0 handshake, at which point it would fall back into an insecure mode.
https://www.schneier.com/paper-pptpv2.html
Check section 5.1, “Version rollback attacks”. Full details there.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3634 bytes
Desc: not available
URL: </pipermail/attachments/20141231/4b925773/attachment-0001.bin>
More information about the Gnupg-users
mailing list