Date: Mon, 27 Feb 1995 07:57:55 +0800 (SST) From: SysAdmin - Ng Pheng Siong <lsys@np.ac.sg> To: jkh@freefall.cdrom.com (Jordan K. Hubbard) Cc: hackers@FreeBSD.org, security@FreeBSD.org Subject: Re: key exchange for rlogin/telnet services? Message-ID: <199502262351.HAA24839@moondance.np.ac.sg> In-Reply-To: <199502261913.LAA29658@freefall.cdrom.com> from "Jordan K. Hubbard" at Feb 26, 95 11:13:06 am
next in thread | previous in thread | raw e-mail | index | archive | help
> You know the problem. You're sitting down at USENIX or your friend Bob's > in Minnesota or some other gawdforsaken place and you have no way of knowing > whether or not that password you just typed to log in to freefall was just > sniffed by the entire undergraduate class of the local university (or their > bored ISP). You can't set up a kerberos realm with everyone, so what you'd > really just like to do is ensure that the endpoints are reasonably secure > and encrypt everything going in between. A friend recerntly suggested a > method for which my knowledge of the spelling may be incomplete, but > I'll try: "Diffie-Hellman key exchange." Apparently you start out with > a key pair on each end and then each raise eacy to the power of the other's > public half and used the information derived to secure the link. Correct spelling. ;) Check out David Safford's SRA (Secure RPC Authentication) telnet/ftp, which use D-H to exchange a key to encrypt your password with. There is a paper in one of the Usenix security symposiums. URL: ftp://net.tamu.edu/pub/security/TAMU Note that D-H key exchange is patented in the US (till 97?). Note 2: the telnet/ftp do not encrypt the entire session, just the password exchange. For that, you may want to check out swIPe. (I think swIPe may be in NetBSD, or has an implementation on it, or something like that.) - PS -- Ng Pheng Siong * lsys@np.ac.sg * ngps@np.ac.sg Computer Centre, Ngee Ann Polytechnic, Singapore
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199502262351.HAA24839>