From owner-freebsd-security  Thu May 31 17:57:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from diarmadhi.mushhaven.net (diarmadhi.mushhaven.net [209.16.107.11])
	by hub.freebsd.org (Postfix) with ESMTP id 7EBFC37B43C
	for <freebsd-security@FreeBSD.ORG>; Thu, 31 May 2001 17:57:52 -0700 (PDT)
	(envelope-from mistwolf@diarmadhi.mushhaven.net)
Received: (from mistwolf@localhost)
	by diarmadhi.mushhaven.net (8.11.3/8.11.0) id f510vJi53248;
	Thu, 31 May 2001 20:57:19 -0400 (EDT)
	(envelope-from mistwolf)
Date: Thu, 31 May 2001 20:57:19 -0400
From: Jamie Norwood <mistwolf@mushhaven.net>
To: Crist Clark <crist.clark@globalstar.com>
Cc: "f.johan.beisser" <jan@caustic.org>, Alex Holst <a@area51.dk>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd)
Message-ID: <20010531205717.A53232@mushhaven.net>
References: <Pine.BSF.4.21.0105311727160.66343-100000@pogo.caustic.org> <3B16E7D9.3E9B78FF@globalstar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3B16E7D9.3E9B78FF@globalstar.com>; from crist.clark@globalstar.com on Thu, May 31, 2001 at 05:54:49PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, May 31, 2001 at 05:54:49PM -0700, Crist Clark wrote:
> *sigh*
> 
> You cannot 'record passphrases.' RSA authentication uses public key
> cryptography. The client, the person logging in, proves it knows a 
> secret, the private key, without ever revealing it to the server who
> only knows the public key.

I assume they meant .outgoing. keys from Sourceforge, which would, of
course, have to pass via the compromised ssh client, ne?

Jamie

> 
> The use of public key crypto allows you to log into potentially 
> untrusted servers without revealing your secret.
> -- 
> Crist J. Clark                                Network Security Engineer
> crist.clark@globalstar.com                    Globalstar, L.P.
> (408) 933-4387                                FAX: (408) 933-4926
> 
> The information contained in this e-mail message is confidential,
> intended only for the use of the individual or entity named above.  If
> the reader of this e-mail is not the intended recipient, or the employee
> or agent responsible to deliver it to the intended recipient, you are
> hereby notified that any review, dissemination, distribution or copying
> of this communication is strictly prohibited.  If you have received this
> e-mail in error, please contact postmaster@globalstar.com
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message