Crypto Flaw Found in Microsoft Net Product

  • George Leopold
  • EE Times
  • June 1, 1998

MINNEAPOLIS — A computer security expert will announce today that he has found a flaw in Microsoft Corp.'s implementation of a communications protocol used in many virtual private networks.

Bruce Schneier, president of Counterpane Systems here, said Microsoft's implementation of the point-to-point-tunneling protocol will lead to compromised passwords, disclosure of private information and server break downs in virtual private networks running under Windows NT and 95.

"Microsoft's implementation is seriously flawed on several levels," said Schneier. "It uses weak authentication and poor encryption." For example, he said Microsoft employed users' passwords as an encryption key instead of using other well-known and more secure alternatives.

Microsoft had no immediate reaction to the finding.

Categories: Articles, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.