Date: Tue, 12 Oct 1999 22:10:00 +0200 From: "Michael Hallgren" <m.hallgren@free.fr> To: "Kris Kennaway" <kris@hub.freebsd.org>, "Donald Wilde" <dwilde1@thuntek.net> Cc: <freebsd-security@freebsd.org> Subject: Re: MD5 systems interacting with DES systems Message-ID: <015101bf14ed$c4b27e60$5b014b0a@asf.fr> References: <Pine.BSF.4.10.9910121253390.89607-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Tue, 12 Oct 1999, Donald Wilde wrote: > > > I saw a hint that some routines (rlogin, etc.) will not work unless DES > > is installed both ways. Are there low level (transport level) routines > > which we can use with MD5 systems, or is my best answer to do the > > encrypt/decrypt at the user level? > > I don't think this is correct. rlogin and friends do no encryption or > password authentication themselves, and aren't linked against libcrypt at > all. So there should be no difference whether or not you have DES > installed. Berkeley r* authenticates over source address, if I'm not seriously mistaken... > However... > > > I don't mind making all systems MD5. > > ...this is the way to go, unless you specifically need DES passwords (e.g. > sharing passwords with commercial unices). DES is just too insecure > thesedays. Well,... yes... ... ;) > > As for encrypted transport, which it sounds like you were talking about, > you want either ssh (if the license restrictions are applicable to you - > or you could port the "last truly free" version which the openbsd guys > have been cleaning up in their tree), Yes, nice. SSH's a VERY good replacement for r* 'and a host of other needs). >or your could go for IPSec (either > in the kernel - see www.kame.net), or userspace (the pipsecd port in > net/). Anyone been trying out FreeS/WAN ? Cheers mh > > Kris > > ---- > XOR for AES -- join the campaign! > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?015101bf14ed$c4b27e60$5b014b0a>