From owner-freebsd-security Tue Mar 7 14:46:25 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id OAA28620 for security-outgoing; Tue, 7 Mar 1995 14:46:25 -0800 Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.20.4]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA28614; Tue, 7 Mar 1995 14:46:24 -0800 Received: by brasil.moneng.mei.com (4.1/SMI-4.1) id AA12270; Tue, 7 Mar 95 16:44:10 CST From: Joe Greco Message-Id: <9503072244.AA12270@brasil.moneng.mei.com> Subject: Re: key exchange for rlogin/telnet services? To: phk@ref.tfs.com (Poul-Henning Kamp) Date: Tue, 7 Mar 1995 16:44:09 -0600 (CST) Cc: mark@grondar.za, barry@nacm.com, hackers@freefall.cdrom.com, security@freefall.cdrom.com In-Reply-To: <199503072221.OAA26993@ref.tfs.com> from "Poul-Henning Kamp" at Mar 7, 95 02:21:43 pm X-Mailer: ELM [version 2.4beta PL9] Content-Type: text Content-Length: 2144 Sender: security-owner@FreeBSD.org Precedence: bulk > I didn't see the patch... ? Because there wasn't one. In order to get this to work, I had to bring up eBones with the DES code from Kerberos, which got me some DES functions not in the "export" version (des_new_random_key and friends I believe, details in /usr/src/secure/lib/libtelnet/enc_des.c). I also had to do a fair amount of piddling around to get the proper versions of things installed and usable, and certainly didn't have the time to waste on fixing the build process, which as far as I could make out was simply useless. Maybe pilot error. Too much crud spread out over too much of the tree. I was simply delighted that I got it to work at all, given the problems I had getting Kerberos / eBones up to begin with. And my goal was simply to get at (what I thought at the time was) something nobody else really seemed to care about. I got my crypted telnet, and several comments from Prof. George Davida about how it wasn't very secure if it depended on Kerberos. :-) But a fairly decent lock is better than no lock at all. I am certainly willing to provide copies of my source tree. It is not by any means "buildable" in a reasonable fashion, but it DOES seem to have all the basic components needed. It's several months old; I use it daily. Because of stupid governmental regulations, my offer is only open to folks whom I could legally hand a copy of DES to. Since I don't know the legal aspects any further than that, I am not interested in pursuing this any further than perhaps a cooperative cleanup effort of some sort. I don't have the time to try substituting a different type of encryption, making it work with the "exported" DES, et al. :-( Too many other fires under my butt right now. But I would be delighted to work on cleaning up the code, if someone else (particularly someone who has worked with the FreeBSD trees and is familiar with the 4.4 Makefile stuff/etc) is willing to help. ... Joe ------------------------------------------------------------------------------- Joe Greco - Systems Administrator jgreco@ns.sol.net Solaria Public Access UNIX - Milwaukee, WI 414/342-4847