Date: Mon, 16 Aug 1999 11:43:23 -0700
From: Nick Sayer <nsayer@sftw.com>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Whither makefiles for src/crypto/telnet/* ?
Message-ID: <37B85BCA.7DE71FF2@sftw.com>
References: <Pine.BSF.4.10.9908161017250.45940-100000@hub.freebsd.org>

Kris Kennaway wrote:
>
> Are you sure about this? Having constant p, g, x and y for every
> telnet client and server surely makes it much easier to attack? In theory
> you could probably pregenerate all of the arithmetic.

Maybe we're not using the constant names the same way.

In SRA the modulus and base are constants. I don't think that those being public helps an attacker too much. The client and server must agree on these values before you start an authentication, so at the very least a single failed authentication attempt would provide these values to an attacker anyway. And it's computationally too difficult to generate suitable values on the fly.

Each side picks Xmine, each side passes Nmine=B^Xmine % m, each then computes K=B^(Nhis*Xmine) % m. That's straight DH, right? SRA then uses the common K to make a DES key to pass auth data from client to server. Simple.

You can attack the protocol either by brute forcing DES, factoring the DH exchange, or with MiM. I regard each of these tasks as approximately equally difficult.

I could hack SRA to use larger numbers, even pre-generate them on the server, but that would break compatibility with existing SRA implementations (which do exist, believe it or not).
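
The exchange discussed in this message, written out as an added example; it is not part of the original e-mail and is not SRA's code. It follows textbook Diffie-Hellman, where each side raises the peer's public value to its own secret exponent. The modulus, base, peer-value check and DES key derivation below are assumptions chosen for illustration, not SRA's real constants or method.

```python
import secrets

# Constructed parameters, NOT SRA's real constants: the Mersenne prime 2^127 - 1
# as the fixed public modulus and 3 as the fixed public base.
M = 2**127 - 1
B = 3

def keypair(x=None):
    """Pick a secret exponent Xmine and compute the public value Nmine = B^Xmine % m."""
    if x is None:
        x = secrets.randbelow(M - 3) + 2      # secret in [2, M-2]
    return x, pow(B, x, M)

def check_public(n):
    """Reject peer values that force a trivial shared secret (0, 1, m-1, out of range)."""
    if not 1 < n < M - 1:
        raise ValueError("degenerate peer public value")
    return n

def shared_secret(n_his, x_mine):
    """K = Nhis^Xmine % m; both sides arrive at B^(Xclient*Xserver) % m."""
    return pow(check_public(n_his), x_mine, M)

def des_key_from(k):
    """Hypothetical derivation: low 8 bytes of K with DES odd parity set per byte."""
    raw = (k & (2**64 - 1)).to_bytes(8, "big")
    out = bytearray()
    for b in raw:
        b &= 0xFE                              # clear the parity bit
        if bin(b).count("1") % 2 == 0:         # even number of ones: set parity bit
            b |= 1
        out.append(b)
    return bytes(out)

def exchange(x_client=None, x_server=None):
    """Run both sides and return (client DES key, server DES key)."""
    xc, nc = keypair(x_client)                 # client -> server: nc
    xs, ns = keypair(x_server)                 # server -> client: ns
    return des_key_from(shared_secret(ns, xc)), des_key_from(shared_secret(nc, xs))

if __name__ == "__main__":
    ck, sk = exchange()
    print(ck.hex(), sk.hex(), ck == sk, M.bit_length())
```

Only the two public values cross the wire, and nothing in the exchange binds them to either party's identity.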