Date: Mon, 29 Jul 2002 21:10:00 +0100
From: Nick Barnes <Nick.Barnes@pobox.com>
To: Nick Sayer <nsayer@quack.kfu.com>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: telnet "SRA secure login" fails intermittently
Message-ID: <25471.1027973400@thrush.ravenbrook.com>
In-Reply-To: Message from Nick Sayer <nsayer@quack.kfu.com> of "Mon, 29 Jul 2002 10:03:36 PDT." <3D457568.9070704@kfu.com>

At 2002-07-29 17:03:36+0000, Nick Sayer writes:
> Nick Barnes wrote:
> >[examples of the same password both working and not working with SRA telnet]
>
> Hi. I initially imported SRA into the tree. I see this periodically too,
> and have since day one. I suspect when it picks its DH components there
> is an occasional rounding error in there somewhere which ends up keeping
> both sides from being able to agree. The only thing to do about it is
> break the connection and try again.
>
> SRA was imported when there was no other way to remotely access a newly
> installed FreeBSD machine without exposing the root password at least
> once (to do the make install on the ssh port). Shortly after SRA was in,
> openssh was imported, which sort of made it a moot point. SRA's DH
> constants are too small for today's CPU horsepower and it is vulnerable
> to MiM (but then, so is ssh unless you actually verify the host keys
> first using a trusted channel) and it is not extensible. But it is
> better than plaintext.

Can you say some more about what SRA is? It's not in the telnet or
telnetd man pages. I would be happy to delve into the sources and
help fix this. Maybe we should take this off-line.

Nick B

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message