From owner-freebsd-security Tue Oct 12 13: 0:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 8316114C88; Tue, 12 Oct 1999 13:00:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6C3EA1CD471; Tue, 12 Oct 1999 13:00:56 -0700 (PDT)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 12 Oct 1999 13:00:56 -0700 (PDT)
From: Kris Kennaway
To: Donald Wilde
Cc: freebsd-security@freebsd.org
Subject: Re: MD5 systems interacting with DES systems
In-Reply-To: <3803441B.83DBFD83@thuntek.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 12 Oct 1999, Donald Wilde wrote:

> I saw a hint that some routines (rlogin, etc.) will not work unless DES
> is installed both ways. Are there low level (transport level) routines
> which we can use with MD5 systems, or is my best answer to do the
> encrypt/decrypt at the user level?

I don't think this is correct. rlogin and friends do no encryption or
password authentication themselves, and aren't linked against libcrypt at
all. So there should be no difference whether or not you have DES
installed. However...

> I don't mind making all systems MD5.

...this is the way to go, unless you specifically need DES passwords (e.g.
sharing passwords with commercial unices). DES is just too insecure these
days.

As for encrypted transport, which it sounds like you were talking about,
you want either ssh (if the license restrictions are applicable to you -
or you could port the "last truly free" version which the openbsd guys
have been cleaning up in their tree), or you could go for IPSec (either
in the kernel - see www.kame.net), or userspace (the pipsecd port in
net/).

Kris

----
XOR for AES -- join the campaign!