From owner-freebsd-security Sun Feb 26 12:15:24 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id MAA02016 for security-outgoing; Sun, 26 Feb 1995 12:15:24 -0800
Received: from brasil.moneng.mei.com (brasil.moneng.mei.com [151.186.20.4]) by freefall.cdrom.com (8.6.9/8.6.6) with SMTP id MAA02010; Sun, 26 Feb 1995 12:15:22 -0800
Received: by brasil.moneng.mei.com (4.1/SMI-4.1) id AA06755; Sun, 26 Feb 95 14:14:08 CST
From: Joe Greco
Message-Id: <9502262014.AA06755@brasil.moneng.mei.com>
Subject: Re: key exchange for rlogin/telnet services?
To: jkh@freefall.cdrom.com (Jordan K. Hubbard)
Date: Sun, 26 Feb 1995 14:14:07 -0600 (CST)
Cc: hackers@freefall.cdrom.com, security@freefall.cdrom.com
In-Reply-To: <199502261913.LAA29658@freefall.cdrom.com> from "Jordan K. Hubbard" at Feb 26, 95 11:13:06 am
X-Mailer: ELM [version 2.4beta PL9]
Content-Type: text
Content-Length: 1571
Sender: security-owner@FreeBSD.org
Precedence: bulk

> You know the problem. You're sitting down at USENIX or your friend Bob's
> in Minnesota or some other gawdforsaken place and you have no way of knowing
> whether or not that password you just typed to log in to freefall was just
> sniffed by the entire undergraduate class of the local university (or their
> bored ISP). You can't set up a kerberos realm with everyone, so what you'd
> really just like to do is ensure that the endpoints are reasonably secure
> and encrypt everything going in between. A friend recently suggested a
> method for which my knowledge of the spelling may be incomplete, but
> I'll try: "Diffie-Hellman key exchange." Apparently you start out with
> a key pair on each end and then each raise each to the power of the other's
> public half and use the information derived to secure the link.
>
> Do any of you security weenies out there know what I'm talking about?
> Am I making any sense? Should I be locked up by the NSA for even suggesting
> this?
>
> Jordan

This could be worthwhile, if possible... I'm using Kerberos for this purpose
now, and it's a tad exasperating because the primary reason I installed it
was so I could get encrypted telnet (yes, it was a lotta hacking, rip the
DES code out of Kerberos, toss it in eBones, build, hack on the
usr/src/secure programs for the better part of a day, etc).

... Joe

-------------------------------------------------------------------------------
Joe Greco - Systems Administrator                             jgreco@ns.sol.net
Solaria Public Access UNIX - Milwaukee, WI                         414/342-4847
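
The exchange asked about in the quoted message, as an added example that is not part of the original thread: each end keeps a private exponent, sends only its public value, and raises the peer's public value to its own private exponent. The fixed 1024-bit group, the SHA-256 key derivation and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# 1024-bit MODP prime (Oakley Group 2, RFC 2409), a safe prime: P = 2*Q + 1.
# Used here to keep the listing short; it is too small for new deployments.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2


def keypair():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(Q - 2) + 2          # 2 <= x < Q
    return x, pow(G, x, P)


def check_peer_public(y):
    """Reject values that force a predictable shared secret (0, 1, P-1, out of range)."""
    if not 1 < y < P - 1:
        raise ValueError("peer public value out of range")
    if pow(y, Q, P) != 1:                     # must lie in the order-Q subgroup
        raise ValueError("peer public value not in the expected subgroup")
    return y


def session_key(my_private, peer_public):
    """Raise the peer's PUBLIC value to our PRIVATE exponent, then hash to a key."""
    shared = pow(check_peer_public(peer_public), my_private, P)
    raw = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def demo():
    client_priv, client_pub = keypair()       # client sends client_pub in the clear
    server_priv, server_pub = keypair()       # server sends server_pub in the clear
    return (session_key(client_priv, server_pub),
            session_key(server_priv, client_pub))


if __name__ == "__main__":
    k_client, k_server = demo()
    print("keys match:", k_client == k_server, k_client.hex())
```

The public values still have to be authenticated (for example against a host key the client already trusts), because the exchange by itself only protects against passive sniffing.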