Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!usenet.eel.ufl.edu!news.mathworks.com!newsfeed.internetmci.com!in1.uu.net!quack!quack.kfu.com!nsayer
From: nsayer@quack.kfu.com (Nick Sayer)
Subject: Re: TCP Encryption
Message-ID: <nAIlYwQ@quack.kfu.com>
Sender: news@quack.kfu.com (0000-News(0000))
Organization: The Duck Pond public unix, +1 408 249 9630, log in as guest.
References: <Pine.BSF.3.91.960928164946.15233A-100000@darkstar>
Date: Sun, 29 Sep 1996 05:03:38 UTC
Lines: 36

Charles Mott <cmott@srv.net> writes:

>A well known and worrisome aspect of two standard TCP applications, Telnet
>and FTP, is that usernames and passwords are sent in the clear,

Run, don't walk, to ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_tel_ftp

[...]

>Rather than using a kerberos-like solution, which seems to me bulky and
>difficult to set up,

I believe encryption should remain at the application layer. Some things
should be encrypted and some not. SRA Telnet uses Diffie-Hellman to set up
a random session key used to transfer user authentication and set up
session encryption. It does this with no overhead beyond compiling and
installing the software. No key management, nothing. It is vulnerable
to a man-in-the-middle attack, but such an attack is far, far more difficult
than simply snooping.

>I think it would be interesting to try to develop a simple, efficient TCP
>encryption scheme as a FreeBSD extension. If it gains acceptance, other
>operating systems might also adopt it. I would be interested in hearing
>from others interested in working on such a project.

If you're in the US, you can ftp a patch to lay on top of FreeBSD to
add SRA authentication and IDEA encryption to telnet/telnetd at
ftp://ftp.kfu.com/pub/sra-idea.tgz. A similar patch, created outside
the US without violating ITAR, should soon appear at the German site
above.

-- 
Nick Sayer <nsayer@quack.kfu.com>   | Just think of me as a recombinant Simp-
N6QQQ @ N0ARY.#NORCAL.CA.USA.NOAM   | son. Homer's looks, Lisa's brains, Bart's
+1 408 249 9630, log in as 'guest'  | manners, and Maggie's appetite for TV.
URL: http://www.kfu.com/~nsayer/    |                 -- Me
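
The trade-off described in the post above, as an added example that is not part of the original post and is not SRA's code: an unauthenticated Diffie-Hellman exchange gives both ends the same session key from values a snooper can read, while a substituted public value goes unnoticed unless the two ends compare something out of band. The group parameters, the function names and the fingerprint comparison are assumptions made for illustration; the post does not say SRA performs any such check.

```python
import hashlib
import secrets

# Demonstration group (assumption, not SRA's parameters): the Mersenne prime
# 2**521 - 1 with base 3. Real deployments use a vetted standard group.
P = 2**521 - 1
G = 3
NBYTES = 66  # 521 bits rounded up to whole bytes


def keypair():
    """Fresh private exponent and the public value sent in the clear."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive the session key; reject values that force a known secret."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate Diffie-Hellman public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def fingerprint(own_pub, received_pub):
    """Short digest of both public values, to be compared out of band."""
    lo, hi = sorted((own_pub, received_pub))
    data = lo.to_bytes(NBYTES, "big") + hi.to_bytes(NBYTES, "big")
    return hashlib.sha256(data).hexdigest()[:16]


def exchange(substituted_pub=None):
    """One client/server exchange. If substituted_pub is set, both sides
    receive that value instead of the peer's, as with an on-path party."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    at_client = substituted_pub or s_pub
    at_server = substituted_pub or c_pub
    return {
        "keys_match": session_key(c_priv, at_client) == session_key(s_priv, at_server),
        "fingerprints_match": fingerprint(c_pub, at_client) == fingerprint(s_pub, at_server),
    }


if __name__ == "__main__":
    print("untouched exchange:  ", exchange())
    print("substituted exchange:", exchange(keypair()[1]))
```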