From owner-freebsd-security  Tue Jun 25  7:39:47 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bogslab.ucdavis.edu (bogslab.ucdavis.edu [169.237.68.34])
	by hub.freebsd.org (Postfix) with ESMTP id 49DBC37B429
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 07:37:31 -0700 (PDT)
Received: from thistle.bogs.org (thistle.bogs.org [198.137.203.61])
	by bogslab.ucdavis.edu (8.9.3/8.9.3) with ESMTP id HAA24450
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 07:37:24 -0700 (PDT)
	(envelope-from greg@bogslab.ucdavis.edu)
Received: from thistle.bogs.org (localhost [127.0.0.1])
	by thistle.bogs.org (8.11.3/8.11.3) with ESMTP id g5PEaX011154
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 07:36:34 -0700 (PDT)
	(envelope-from greg@thistle.bogs.org)
Message-Id: <200206251436.g5PEaX011154@thistle.bogs.org>
To: security@FreeBSD.ORG
X-To: Miroslav Pendev
      <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
X-Sender: owner-freebsd-security@FreeBSD.ORG 
Subject: Re: The good old telnet... 
In-reply-to: Your message of "Tue, 25 Jun 2002 00:23:13 EDT."
             <20020625042313.GA75674@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com> 
Reply-To: gkshenaut@ucdavis.edu
Date: Tue, 25 Jun 2002 07:36:33 -0700
From: Greg Shenaut <greg@bogslab.ucdavis.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In message <20020625042313.GA75674@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>, Miroslav Pendev cleopede:
>I would rather get back to the good old telnet, than waiting for someone
>to log in - even with non-privileged user (as Theo said even with privsep).
>
>Which is the worst - clear text pass going around Internet with milions of
>POP3 clear text passwords or "c'mon in...?

I have

 	encrypt enable DES_CFB64
 	set autodecrypt

in the default .telnetrc on my machines--this causes encryption to
begin before the password is transmitted.  It seems to me that a
little work in this direction (e.g., optionally causing telnetd to
insist on encryption before any text is exchanged) could make telnet
once again a viable alternative; at least would get rid of the
"millions of clear text passwords" problem.

But of course the god-awful telnetd exploit of last summer would
still have worked, because it had nothing to do with passwords.

Greg Shenaut

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message