From owner-freebsd-security  Tue Aug 21 14: 7:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by hub.freebsd.org (Postfix) with ESMTP id 77F3837B401
	for <freebsd-security@FreeBSD.ORG>; Tue, 21 Aug 2001 14:07:11 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from blossom.cjclark.org (dialup-209.245.130.30.Dial1.SanJose1.Level3.net [209.245.130.30])
	by falcon.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id OAA09359;
	Tue, 21 Aug 2001 14:05:49 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.4/8.11.3) id f7LL2po72486;
	Tue, 21 Aug 2001 14:02:51 -0700 (PDT)
	(envelope-from cjc)
Date: Tue, 21 Aug 2001 14:02:30 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Rob Simmons <rsimmons@wlcg.com>
Cc: Matt Piechota <piechota@argolis.org>,
	Wes Peters <wes@softweyr.com>,
	"Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Silly crackers... NT is for kids...
Message-ID: <20010821140230.X313@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20010821143517.L23909-100000@cithaeron.argolis.org> <20010821150657.G21383-100000@mail.wlcg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010821150657.G21383-100000@mail.wlcg.com>; from rsimmons@wlcg.com on Tue, Aug 21, 2001 at 03:14:36PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Aug 21, 2001 at 03:14:36PM -0400, Rob Simmons wrote:
> On Tue, 21 Aug 2001, Matt Piechota wrote:
> 
> > No No, on the realtime machine controllers (QNX), or OCR nodes that need
> > all the cpu cycles they can get.  I'm talking about the [de|en]crypt on
> > the remote side, not the PC side.  Every bit or performance matters, and
> > could be the difference between us and someone else getting a contract.
> 
> There should be a way to configure sshd so that only the username/password
> exchange is encrypted.  The rest of the connection would be unencrypted.
> You would get some of the benefits of ssh without a constant performance
> hit.

Use one-time passwords with telnet.

But I have yet to find a situation where the "constant performance
hit" of SSH is noticable.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message