Date: Mon, 29 Jul 2002 10:03:36 -0700 From: Nick Sayer <nsayer@quack.kfu.com> To: Nick Barnes <Nick.Barnes@pobox.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: telnet "SRA secure login" fails intermittently Message-ID: <3D457568.9070704@kfu.com> References: <24197.1027939929@thrush.ravenbrook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Nick Barnes wrote: >[examples of the same password both working and not working with SRA telnet] Hi. I initially imported SRA into the tree. I see this periodically too, and have since day one. I suspect when it picks its DH components there is an occasional rounding error in there somewhere which ends up keeping both sides from being able to agree. The only thing to do about it is break the connection and try again. SRA was imported when there was no other way to remotely access a newly installed FreeBSD machine without exposing the root password at least once (to do the make install on the ssh port). Shortly after SRA was in, openssh was imported, which sort of made it a moot point. SRA's DH constants are too small for today's CPU horsepower and it is vulnerable to MiM (but then, so is ssh unless you actually verify the host keys first using a trusted channel) and it is not extensible. But it is better than plaintext. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D457568.9070704>