Date: Sun, 26 Feb 1995 22:34:22 -0500 (EST)
From: Sujal Patel <smpatel@wam.umd.edu>
To: "Jordan K. Hubbard" <jkh@freefall.cdrom.com>
Cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com
Subject: Re: key exchange for rlogin/telnet services?
Message-ID: <Pine.BSD.3.91.950226222058.133B-100000@xi.dorm.umd.edu>
In-Reply-To: <16925.793850098@freefall.cdrom.com>

On Sun, 26 Feb 1995, Jordan K. Hubbard wrote:

> Sorry, but this still just doesn't do it for me. I will be doing
> other logins within that session, or often need to `su' to do system
> repair work. I need the session entirely encrypted from the first
> couple of handshakes. From all indications, this diffie-hellman thing
> is the way to go!

Well if you want a completely encrypted session-- It's not as easy as just
diffie-hellman. Here is a short example of how Diffie-Hellman works
(without any gory details):

Site 1/2 have a COMMON 512 bit prime number
Site 1 transmits a 512 bit number (derived from the prime) to Site 2
Site 2 transmits a 512 bit number (derived from the prime) to Site 1
Site 1/2 now generate a 512 bit "random string" which was derived from the
prime, and the other site's information

The string that Site 1 and 2 generate in the final step is the same for
each site. Also, if you have seen the transmissions between the sites (and
even if you know their original prime number), you cannot generate the
"random string" that they are using.

This is all fine but unfortunately, this sample Diffie-Hellman exchange
takes a 486 five seconds, so it can't be used to encrypt the entire
session. What you need to do now is to take that "random string" and use
it as a DES key to encrypt the entire session.

This would work very well, would be very secure, and could be implemented
by hacking up telnet to support a new type of encryption. I implemented a
variation of this a while ago, and I could dig it up if there is
interest-- The only problem with this system is that both Diffie-Hellman
and DES are export restricted by the government, and also the RSA library
which most implementations of Diffie-Hellman use is under a really anal
licence agreement.

Sujal
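The exchange outlined in the message above, written out as an added example (it is not the author's implementation and not code from the original message). Assumptions: the 768-bit Oakley Group 1 prime from RFC 2409 with generator 2 stands in for the 512-bit prime, a truncated SHA-256 hash stands in for turning the shared value into an 8-byte DES-sized key, the check on the peer's public value goes beyond what the message describes, and the names `Site` and `exchange` are hypothetical.

```python
import hashlib
import secrets

# 768-bit MODP prime of Oakley Group 1 (RFC 2409, section 6.1), generator 2.
# Assumption: used here in place of the 512-bit prime from the message.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class Site:
    """One end of the exchange (hypothetical name)."""

    def __init__(self):
        # Private exponent in 2 .. P-2; it never leaves this site.
        self._x = secrets.randbelow(P - 3) + 2
        # Public value: the number "derived from the prime" sent on the wire.
        self.public = pow(G, self._x, P)

    def session_key(self, peer_public, nbytes=8):
        # Reject degenerate values (0, 1, P-1, anything >= P) that would
        # force the shared secret into a predictable value.
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public value out of range")
        shared = pow(peer_public, self._x, P)
        raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
        # Hash the shared secret down to key length (8 bytes = DES key size).
        return hashlib.sha256(raw).digest()[:nbytes]


def exchange():
    """Run both sides; return what crossed the wire and each side's key."""
    site1, site2 = Site(), Site()
    wire = (site1.public, site2.public)  # all that an eavesdropper sees
    k1 = site1.session_key(site2.public)
    k2 = site2.session_key(site1.public)
    return wire, k1, k2
```

The exchange on its own does not tell either site who it is talking to, so a telnet integration would still need to authenticate the public values.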