Alan wrote (2021-02-05):
Ol>> define 'secure' ;)
Ol>> "grep CRYPT" doesn't return a match on the Winpoint files.
AI> I'm not sure that CRYPT is all that secure either, but I guess it is better
AI> than nothing.
It obfuscates most of the data stream. I doubt that any agency is automatically
decrypting binkp data that's on the wire. Biggest disadvantage with CRYPT is
that it requires a shared password.
AI> If we can authenticate with a password, hopefully a
AI> CRAM-MD5 handshake that will do.
"grep CRAM-MD5" returns a match on WpointII.exe.
AI> Winpoint is being updated I think, so there is hope that winpoints
AI> shortcomings (if any) can be improved upon.
Where can I find the sources?
---
* Origin: . (2:280/464.47)
|