Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 May 2001 20:57:19 -0400
From:      Jamie Norwood <mistwolf@mushhaven.net>
To:        Crist Clark <crist.clark@globalstar.com>
Cc:        "f.johan.beisser" <jan@caustic.org>, Alex Holst <a@area51.dk>, freebsd-security@FreeBSD.ORG
Subject:   Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID:  <20010531205717.A53232@mushhaven.net>
In-Reply-To: <3B16E7D9.3E9B78FF@globalstar.com>; from crist.clark@globalstar.com on Thu, May 31, 2001 at 05:54:49PM -0700
References:  <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <3B16E7D9.3E9B78FF@globalstar.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, May 31, 2001 at 05:54:49PM -0700, Crist Clark wrote:
> *sigh*
> 
> You cannot 'record passphrases.' RSA authentication uses public key
> cryptography. The client, the person logging in, proves it knows a 
> secret, the private key, without ever revealing it to the server who
> only knows the public key.

I assume they meant .outgoing. keys from Sourceforge, which would, of
course, have to pass via the compromised ssh client, ne?

Jamie

> 
> The use of public key crypto allows you to log into potentially 
> untrusted servers without revealing your secret.
> -- 
> Crist J. Clark                                Network Security Engineer
> crist.clark@globalstar.com                    Globalstar, L.P.
> (408) 933-4387                                FAX: (408) 933-4926
> 
> The information contained in this e-mail message is confidential,
> intended only for the use of the individual or entity named above.  If
> the reader of this e-mail is not the intended recipient, or the employee
> or agent responsible to deliver it to the intended recipient, you are
> hereby notified that any review, dissemination, distribution or copying
> of this communication is strictly prohibited.  If you have received this
> e-mail in error, please contact postmaster@globalstar.com
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010531205717.A53232>