Security Basics mailing list archives
FW: Remote Desktop vs. VPN on Windows 2003
From: "Jeff Randall" <Jeff.Randall () ksg-llc net>
Date: Fri, 21 Jan 2005 15:07:07 -1000
Like the RC4 keys, are there any offline attacks available for cracking PPTP traffic? To get either RDP or PPTP I assume you already have to have some sort of MITM/sniffing going on anyways. Isn't the PPTP encryption algorithm (MPPE)40/128 bits as well? -----Original Message----- From: Conlan Adams [mailto:conlan () mebtc org] Sent: Wednesday, January 19, 2005 12:10 PM To: Roger A. Grimes; security-basics () securityfocus com Subject: RE: Remote Desktop vs. VPN on Windows 2003 Number of available cracks on SSH and RDP is not really related to strength of a protocol, only to the number of people looking at the code. SSH thousands of sets of eyes on the code. RDP only the eyes Microsoft allows. The RC4 encryption used by Microsoft for RDP is susceptible to offline attack just like WEP. Long story short, someone can grab your traffic and crack at their leisure. Also, I can look into it as well, how many of the cracks against SSH are remote access? Not local elevation of privileges, or Denial Of Service? Conlan Adams -----Original Message----- From: Roger A. Grimes [mailto:roger () banneretcs com] Sent: Wednesday, January 19, 2005 2:22 PM To: Ansgar -59cobalt- Wiechers; security-basics () securityfocus com Subject: RE: Remote Desktop vs VPN on Windows 2003 SSH multiple hacks...RDP one in 2002. How is RDP the worse tool? I keep waiting for facts? -----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Sent: Wednesday, January 19, 2005 12:05 PM To: security-basics () securityfocus com Subject: Re: Remote Desktop vs VPN on Windows 2003 On 2005-01-18 Roger A. Grimes wrote:
but if the Windows tool can do the same or better job, why not use the
free tools in the system?
Because it can't. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
Current thread:
- RE: Remote Desktop vs. VPN on Windows 2003 Conlan Adams (Jan 20)
- <Possible follow-ups>
- FW: Remote Desktop vs. VPN on Windows 2003 Jeff Randall (Jan 24)
- Re: FW: Remote Desktop vs. VPN on Windows 2003 Nick Owen (Jan 25)