Date: Sun, 26 Feb 1995 14:14:07 -0600 (CST)
From: Joe Greco <jgreco@brasil.moneng.mei.com>
To: jkh@freefall.cdrom.com (Jordan K. Hubbard)
Cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com
Subject: Re: key exchange for rlogin/telnet services?
Message-ID: <9502262014.AA06755@brasil.moneng.mei.com>
In-Reply-To: <199502261913.LAA29658@freefall.cdrom.com> from "Jordan K. Hubbard" at Feb 26, 95 11:13:06 am

> You know the problem. You're sitting down at USENIX or your friend Bob's
> in Minnesota or some other gawdforsaken place and you have no way of knowing
> whether or not that password you just typed to log in to freefall was just
> sniffed by the entire undergraduate class of the local university (or their
> bored ISP). You can't set up a kerberos realm with everyone, so what you'd
> really just like to do is ensure that the endpoints are reasonably secure
> and encrypt everything going in between. A friend recently suggested a
> method for which my knowledge of the spelling may be incomplete, but
> I'll try: "Diffie-Hellman key exchange." Apparently you start out with
> a key pair on each end and then each raise each to the power of the other's
> public half and use the information derived to secure the link.
>
> Do any of you security weenies out there know what I'm talking about?
> Am I making any sense? Should I be locked up by the NSA for even suggesting
> this?
>
> Jordan

This could be worthwhile, if possible... I'm using Kerberos for this purpose
now, and it's a tad exasperating because the primary reason I installed it
was so I could get encrypted telnet (yes, it was a lotta hacking, rip the DES
code out of Kerberos, toss it in eBones, build, hack on the usr/src/secure
programs for the better part of a day, etc).

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                          jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                      414/342-4847