Date:      Thu, 5 Mar 2015 10:11:43 -0500
From:      Benjamin Kaduk <bjkfbsd@gmail.com>
To:        Slawa Olhovchenkov <slw@zxy.spb.ru>
Cc:        "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>
Subject:   Re: svn commit: r279603 - in head: bin/rcp usr.bin/rlogin usr.bin/rsh
Message-ID:  <CAJ5_RoBk=5C2%2BMktu_ODc7C%2BNraUhiSprtKd-=3bj%2Bb5UPT_1g@mail.gmail.com>
In-Reply-To: <20150305144056.GY48476@zxy.spb.ru>
References:  <20150305122103.GA90978@zxy.spb.ru> <20150305122359.GM17947@FreeBSD.org> <20150305123016.GO48476@zxy.spb.ru> <20150305123053.GN17947@FreeBSD.org> <20150305123349.GP48476@zxy.spb.ru> <20150305123548.GO17947@FreeBSD.org> <48981079-C9B7-411D-87A3-5A8F04924314@FreeBSD.org> <AEB33C6A-8824-4345-81E1-95280AB20CFA@FreeBSD.org> <20150305141334.GX48476@zxy.spb.ru> <63BD8258-D2C9-4C94-8A54-63AA104871D9@FreeBSD.org> <20150305144056.GY48476@zxy.spb.ru>

On Thu, Mar 5, 2015 at 9:40 AM, Slawa Olhovchenkov <slw@zxy.spb.ru> wrote:

> On Thu, Mar 05, 2015 at 02:20:59PM +0000, David Chisnall wrote:
>
> > Does telnet come with a massive selection of options for insecure login / authentication?  Yes.
>
> This is my right to use or not to use secure or not secure login /
> authentication.
> Also, I use telnet login to check kerberos authentication (ssh
> kerberos authentication (SSO) broken 10 years ago. nobody cares).
>

Other people are covering the rest of the issues, so I will cover just this
one point.

telnet with kerberos authentication was broken 15 years ago, by the EFF's
Deep Crack and its successors.  Kerberized telnet supports only DES, which
has not been secure for a long time.  The last I heard, $50 would buy you a
DES key brute-force with a day turnaround.

Speaking as an upstream maintainer: don't use kerberized telnet.

I use kerberized ssh all the time; please tell me more about how it is
broken (a new thread would be best).

-Ben Kaduk


