[inbox] Re: [Full-Disclosure] Cisco LEAP exploit tool...

[Dave Howe]

Curt Purdy wrote:
> Agreed.  If the packets/hashes can be accessed it can be compromised.
> "Unbreakable" has been touted from the 48-bit Netscape encryption
> that took USC's distributed network a week to crack, to Oracle 9i
> that took one day to compromise, I believe.
You are preaching to the choir there - however, my boss is preferring to
believe the consultant's claims that the 10 minute key cycle (communicated
by TLS) makes the system unbreakable.... so it doesn't need to be on a DMZ
and can work "just like they were on the lan"