Date: Tue, 12 Oct 1999 13:00:56 -0700 (PDT) From: Kris Kennaway <kris@hub.freebsd.org> To: Donald Wilde <dwilde1@thuntek.net> Cc: freebsd-security@freebsd.org Subject: Re: MD5 systems interacting with DES systems Message-ID: <Pine.BSF.4.10.9910121253390.89607-100000@hub.freebsd.org> In-Reply-To: <3803441B.83DBFD83@thuntek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Oct 1999, Donald Wilde wrote: > I saw a hint that some routines (rlogin, etc.) will not work unless DES > is installed both ways. Are there low level (transport level) routines > which we can use with MD5 systems, or is my best answer to do the > encrypt/decrypt at the user level? I don't think this is correct. rlogin and friends do no encryption or password authentication themselves, and aren't linked against libcrypt at all. So there should be no difference whether or not you have DES installed. However... > I don't mind making all systems MD5. ...this is the way to go, unless you specifically need DES passwords (e.g. sharing passwords with commercial unices). DES is just too insecure thesedays. As for encrypted transport, which it sounds like you were talking about, you want either ssh (if the license restrictions are applicable to you - or you could port the "last truly free" version which the openbsd guys have been cleaning up in their tree), or your could go for IPSec (either in the kernel - see www.kame.net), or userspace (the pipsecd port in net/). Kris ---- XOR for AES -- join the campaign! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910121253390.89607-100000>