Date: Mon, 25 Mar 1996 08:50:05 +0100 (MET) From: Guido van Rooij <Guido.vanRooij@nl.cis.philips.com> To: freebsd-security@freebsd.org Subject: BoS: Long key secure RPC&NFS is available (fwd) FYI Message-ID: <199603250750.IAA01192@spooky.lss.cp.philips.com>
next in thread | raw e-mail | index | archive | help
A.N.Kuznetsov wrote: > From owner-best-of-security@suburbia.net Sat Mar 23 09:42:54 1996 > X-Authentication-Warning: suburbia.net: majordom set sender to owner-best-of-security using -f > Message-Id: <199603221440.RAA27829@ms2.inr.ac.ru> > Subject: BoS: Long key secure RPC&NFS is available > To: linux-kernel@vger.rutgers.edu > Date: Fri, 22 Mar 1996 17:40:04 +0300 (MSK) > From: inr-linux-kernel@ms2.inr.ac.ru (A.N.Kuznetsov) > X-Mailer: ELM [version 2.4 PL24] > Mime-Version: 1.0 > Sender: owner-best-of-security@suburbia.net > Errors-to: nobody@mail.uu.net > Precedence: bulk > Reply-To: nobody@mail.uu.net > > Hello! > > I finished secure RPC package using arbitrary size keys. > This version should be really secure. > > I have Linux version (tested for almost 2 weeks) > and Solaris 2.3 version (tested for 3 days). > It should work for Solaris > 2.3, but I am not sure. > I believe Linux version can be painlessly compiled > for SunOS 4.x.x. > > How to get it? > > I am somewhat offended by absence of any feedback to > my secure RPC NFS, so that: > > 1. ftp.inr.ac.ru:/secure_nfs.tar.gz contains kernel patches > (they should fit to any kernel 1.3.71 - 1.3.77) > and upgrades for mount, nfsd, amd. > > secure_rpc directory contains not secure 192-bit version > of secure RPC utilities. Do not use it! > Do not use NATIVE Sun secure RPC too! It is not > only not secure, it may be major security hole. > I suspect, that any curious person can easily crack Sun style > publickey database and evaluate all user's passwords. > > 2. To get long key secure RPC package, please, send your requests > for Linux and/or Solaris versions to me. > > They are not free 8)8) I will require any feedback 8)8) > > More seriously, this package cannot be fully compatible with > standard Sun secure RPC. I believe, that all clients (f.e. NFS) > and major servers (f.e. NFSD) are compatible. But all the tools: > keyserv, keylogin, chkey, newkey (and login, passwd, yppasswd, if they > are aware of secure RPC) should be replaced on ALL your network. > So that I am obliged to provide wide compatibility, and > I'd like that you help me. > > I expect that somebody will help to test it: > > a) for solaris2.x. I do not use NIS+ on my Sparc with > Solaris-2.3, I use plain YP, so that I am sure that > it works only when publickey database is served by YP. > > b) I do not use NYS package on my Linux hosts and I do not > know how this package will interfere with NYS. > > c) It is interesting, whether this package will work for SunOS4.x.x > > d) And for another platforms? > > Alexey Kuznetsov. > kuznet@ms2.inr.ac.ru > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199603250750.IAA01192>