From owner-freebsd-security Sun Feb 26 19:37:20 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id TAA22621 for security-outgoing; Sun, 26 Feb 1995 19:37:20 -0800
Received: from xi.dorm.umd.edu (xi.dorm.umd.edu [129.2.140.12]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id TAA22556; Sun, 26 Feb 1995 19:35:07 -0800
Received: (from smpatel@localhost) by xi.dorm.umd.edu (8.6.10/8.6.9) id WAA00264; Sun, 26 Feb 1995 22:34:22 -0500
Date: Sun, 26 Feb 1995 22:34:22 -0500 (EST)
From: Sujal Patel
X-Sender: smpatel@xi.dorm.umd.edu
To: "Jordan K. Hubbard"
cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com
Subject: Re: key exchange for rlogin/telnet services?
In-Reply-To: <16925.793850098@freefall.cdrom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: security-owner@FreeBSD.org
Precedence: bulk

On Sun, 26 Feb 1995, Jordan K. Hubbard wrote:

> Sorry, but this still just doesn't do it for me. I will be doing
> other logins within that session, or often need to `su' to do system
> repair work. I need the session entirely encrypted from the first
> couple of handshakes. From all indications, this diffie-hellman thing
> is the way to go!

Well, if you want a completely encrypted session-- it's not as easy as just Diffie-Hellman. Here is a short example of how Diffie-Hellman works (without any gory details):

  Site 1/2 have a COMMON 512 bit prime number
  Site 1 transmits a 512 bit number (derived from the prime) to Site 2
  Site 2 transmits a 512 bit number (derived from the prime) to Site 1
  Site 1/2 now generate a 512 bit "random string" which was derived from the prime, and the other site's information

The string that Site 1 and 2 generate in the final step is the same for each site. Also, if you have seen the transmissions between the sites (and even if you know their original prime number), you cannot generate the "random string" that they are using.

This is all fine but unfortunately, this sample Diffie-Hellman exchange takes a 486 five seconds, so it can't be used to encrypt the entire session. What you need to do now is to take that "random string" and use it as a DES key to encrypt the entire session. This would work very well, would be very secure, and could be implemented by hacking up telnet to support a new type of encryption. I implemented a variation of this a while ago, and I could dig it up if there is interest--

The only problem with this system is that both Diffie-Hellman and DES are export restricted by the government, and also the RSA library which most implementations of Diffie-Hellman use is under a really anal licence agreement.

Sujal
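The exchange Sujal describes above, written out in Go as an added example (this is neither his code nor the telnet hack he mentions): both sites share a 512-bit prime, each transmits g^x mod p, both arrive at the same value, and that value becomes the DES key for the rest of the session. Using g = 2 over a freshly generated prime, SHA-256 to reduce the 512-bit secret to an 8-byte key, and CTR mode for the stream are assumptions not in the post.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// dhParams is the group both sites share: the COMMON 512-bit prime p and base g. A fresh
// random prime with g = 2 is a demo assumption; real use fixes a vetted safe prime in advance.
type dhParams struct{ p, g *big.Int }

var group = dhParams{p: must(rand.Prime(rand.Reader, 512)), g: big.NewInt(2)}

// keypair picks one site's secret exponent x and the value g^x mod p it transmits.
func keypair(dp dhParams) (priv, pub *big.Int) {
	priv = must(rand.Int(rand.Reader, dp.p))
	return priv, new(big.Int).Exp(dp.g, priv, dp.p)
}

// shared is the common "random string" peerPub^priv mod p; an eavesdropper holds only g^x and g^y.
func shared(dp dhParams, priv, peerPub *big.Int) *big.Int {
	return new(big.Int).Exp(peerPub, priv, dp.p)
}

// desKey reduces the 512-bit secret to the 8 bytes DES takes (hashing is an assumption, not the post's).
func desKey(s *big.Int) []byte {
	sum := sha256.Sum256(s.Bytes())
	return sum[:8]
}

// sessionCrypt runs the telnet byte stream through DES-CTR; the same call encrypts and decrypts.
func sessionCrypt(key, iv, in []byte) []byte {
	out := make([]byte, len(in))
	cipher.NewCTR(must(des.NewCipher(key)), iv).XORKeyStream(out, in)
	return out
}

func main() {
	x, gx := keypair(group) // Site 1 keeps x, transmits gx
	y, gy := keypair(group) // Site 2 keeps y, transmits gy
	iv := []byte("demo-iv!") // constructed 8-byte iv, sent in the clear
	ct := sessionCrypt(desKey(shared(group, x, gy)), iv, []byte("su -\n"))
	fmt.Printf("%q\n", sessionCrypt(desKey(shared(group, y, gx)), iv, ct)) // prints "su -\n"
}
```

Single DES with its 56-bit key appears here only because that is what the post proposes; the same structure carries over to a modern cipher. Note also that nothing in this exchange tells either site who it is actually talking to, which is the property the post's "seen the transmissions" argument does not cover.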