From owner-freebsd-security Sun Mar 24 23:51:36 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA27000 for security-outgoing; Sun, 24 Mar 1996 23:51:36 -0800 (PST) Received: from relay.philips.nl (ns.philips.nl [130.144.65.1]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id XAA26994 for ; Sun, 24 Mar 1996 23:51:32 -0800 (PST) Received: (from smap@localhost) by relay.philips.nl (8.6.9/8.6.9-950414) id IAA02190 for ; Mon, 25 Mar 1996 08:50:56 +0100 Received: from unknown(192.26.173.32) by ns.philips.nl via smap (V1.3+ESMTP) with ESMTP id sma002082; Mon Mar 25 08:50:07 1996 Received: from spooky.lss.cp.philips.com (spooky.lss.cp.philips.com [130.144.199.105]) by smtp.nl.cis.philips.com (8.6.10/8.6.10-0.9z-02May95) with ESMTP id IAA08001 for ; Mon, 25 Mar 1996 08:51:22 +0100 Received: (from guido@localhost) by spooky.lss.cp.philips.com (8.6.10/8.6.10-0.991c-08Nov95) id IAA01192 for freebsd-security@freebsd.org; Mon, 25 Mar 1996 08:50:05 +0100 From: Guido van Rooij Message-Id: <199603250750.IAA01192@spooky.lss.cp.philips.com> Subject: BoS: Long key secure RPC&NFS is available (fwd) FYI To: freebsd-security@freebsd.org Date: Mon, 25 Mar 1996 08:50:05 +0100 (MET) Reply-To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) X-Mailer: ELM [version 2.4 PL21] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk A.N.Kuznetsov wrote: > From owner-best-of-security@suburbia.net Sat Mar 23 09:42:54 1996 > X-Authentication-Warning: suburbia.net: majordom set sender to owner-best-of-security using -f > Message-Id: <199603221440.RAA27829@ms2.inr.ac.ru> > Subject: BoS: Long key secure RPC&NFS is available > To: linux-kernel@vger.rutgers.edu > Date: Fri, 22 Mar 1996 17:40:04 +0300 (MSK) > From: inr-linux-kernel@ms2.inr.ac.ru (A.N.Kuznetsov) > X-Mailer: ELM [version 2.4 PL24] > Mime-Version: 1.0 > Sender: owner-best-of-security@suburbia.net > Errors-to: nobody@mail.uu.net > Precedence: bulk > Reply-To: nobody@mail.uu.net > > Hello! > > I finished secure RPC package using arbitrary size keys. > This version should be really secure. > > I have Linux version (tested for almost 2 weeks) > and Solaris 2.3 version (tested for 3 days). > It should work for Solaris > 2.3, but I am not sure. > I believe Linux version can be painlessly compiled > for SunOS 4.x.x. > > How to get it? > > I am somewhat offended by absence of any feedback to > my secure RPC NFS, so that: > > 1. ftp.inr.ac.ru:/secure_nfs.tar.gz contains kernel patches > (they should fit to any kernel 1.3.71 - 1.3.77) > and upgrades for mount, nfsd, amd. > > secure_rpc directory contains not secure 192-bit version > of secure RPC utilities. Do not use it! > Do not use NATIVE Sun secure RPC too! It is not > only not secure, it may be major security hole. > I suspect, that any curious person can easily crack Sun style > publickey database and evaluate all user's passwords. > > 2. To get long key secure RPC package, please, send your requests > for Linux and/or Solaris versions to me. > > They are not free 8)8) I will require any feedback 8)8) > > More seriously, this package cannot be fully compatible with > standard Sun secure RPC. I believe, that all clients (f.e. NFS) > and major servers (f.e. NFSD) are compatible. But all the tools: > keyserv, keylogin, chkey, newkey (and login, passwd, yppasswd, if they > are aware of secure RPC) should be replaced on ALL your network. > So that I am obliged to provide wide compatibility, and > I'd like that you help me. > > I expect that somebody will help to test it: > > a) for solaris2.x. I do not use NIS+ on my Sparc with > Solaris-2.3, I use plain YP, so that I am sure that > it works only when publickey database is served by YP. > > b) I do not use NYS package on my Linux hosts and I do not > know how this package will interfere with NYS. > > c) It is interesting, whether this package will work for SunOS4.x.x > > d) And for another platforms? > > Alexey Kuznetsov. > kuznet@ms2.inr.ac.ru > > >