Date: Tue, 25 Jun 2002 07:36:33 -0700
From: Greg Shenaut <greg@bogslab.ucdavis.edu>
To: security@FreeBSD.ORG
Subject: Re: The good old telnet...
Message-ID: <200206251436.g5PEaX011154@thistle.bogs.org>
In-Reply-To: Your message of "Tue, 25 Jun 2002 00:23:13 EDT." <20020625042313.GA75674@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>

In message <20020625042313.GA75674@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>, Miroslav Pendev cleopede:
>I would rather get back to the good old telnet, than waiting for someone
>to log in - even with non-privileged user (as Theo said even with privsep).
>
>Which is the worst - clear text pass going around Internet with millions of
>POP3 clear text passwords or "c'mon in...?

I have

	encrypt enable DES_CFB64
	set autodecrypt

in the default .telnetrc on my machines--this causes encryption to
begin before the password is transmitted.

It seems to me that a little work in this direction (e.g., optionally
causing telnetd to insist on encryption before any text is exchanged)
could make telnet once again a viable alternative; at least would
get rid of the "millions of clear text passwords" problem.

But of course the god-awful telnetd exploit of last summer would
still have worked, because it had nothing to do with passwords.

Greg Shenaut