A top cryptographer said Microsoft's version of a key protocol in Windows NT is so flawed that users should avoid using virtual private network software based on Microsoft's Point to Point Tunneling Protocol.
Bruce Schneier, a noted cryptographer, said the PPTP in Windows NT 4.0 is so broken it can't be fixed with patches--a position that Microsoft disputes.
"I believe it's fundamentally broken," said Schneier, who authored a widely used cryptography textbook. "What we're seeing is the basic problem of proprietary security standards. These are really dumb mistakes, kindergarten crypto."
He advised users interested in setting up virtual private networks to buy software that supports the emerging IPSec standard, not PPTP. Both of those protocols are designed for securely linking remote users to corporate networks over the Internet.
But Microsoft said several of Schneier's criticisms of Windows NT security have already been addressed in product updates or bug patches.
"Several items in the press release are no longer issues," said Microsoft's Ed Muth, group product manager for security marketing.
However, industry observers say only a handful of companies are implementing VPNs today, and many VPN firms are beginning to support IPSec, though some also back PPTP for interoperability. Microsoft said NT version 5.0, due next year, will support both protocols.
"Large enterprise customers know PPTP is a relatively weak security protocol," said Evan Kaplan, president of VPN firm Aventail. "Our belief is that Microsoft will come around and fix it."
Kaplan and others noted that some of Schneier's critiques have been circulating for months on Internet newsgroups.
"The security problems are very real, but almost all customers know about this security problem," Kaplan added.
Schneier contends weaknesses in Microsoft's original NT 4.0 operating system could lead to stolen passwords, disclosure of private data, and server crashes when running some VPN software. Schneier stressed that the issues are in Microsoft's version of PPTP, not in the protocol itself.
But Microsoft's Muth said the firm has fixed most of the problems already--one related to requiring strong passwords in December 1996, one in February to prevent attackers from crashing a PPTP server, and another last week on scrambling passwords sent over the Internet.
Password-based security has inherent weaknesses, Muth said, which is why Microsoft is incorporating digital certificates using public key encryption into its operating systems.
"PPTP is one small part of Windows NT, and Bruce made no general indictment of Windows NT," Muth said. "We think the glass is half full, and we intend to fill it the rest of the way."
But Schneier, who has done consulting work for Microsoft and other major firms around the world, discounted Microsoft's reaction.
"Their normal tactic is either to ignore a security problem, claim it's not a problem, or claim it's being fixed," Schneier said. "Then it blows over and they ignore it."
"We're in the IPSec business and figure that if you want to do it right, go to the trouble of using IPSec," said Jim Hart, Red Creek's director of engineering. "Even if it's a perfect implementation of PPTP, if you're a CIO or network administrator, you're always going be criticized for doing PPTP."
John McCown, technical director for network security of the International Computer Security Association, which is testing IPSec-based VPNs, noted that IPSec has been widely discussed at the standards body Internet Engineering Task Force. That kind of scrutiny tends to weed out errors, he said.
"Having Bruce Schneier criticize something moves it out of the realm of, 'This in general has problems' to 'Yes, the people who really know about this stuff have looked at it,' and that's serious," McCown said.