From owner-freebsd-security Tue Oct 12 13: 9:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from smtp3.free.fr (smtp3.free.fr [212.27.32.72]) by hub.freebsd.org (Postfix) with ESMTP id 4285A14DFD; Tue, 12 Oct 1999 13:09:03 -0700 (PDT) (envelope-from m.hallgren@free.fr)
Received: from roam (paris11-nas1-41-197.dial.proxad.net [212.27.41.197]) by smtp3.free.fr (8.9.3/8.9.3/Debian/GNU) with SMTP id WAA02986; Tue, 12 Oct 1999 22:08:57 +0200
Message-ID: <015101bf14ed$c4b27e60$5b014b0a@asf.fr>
From: "Michael Hallgren"
To: "Kris Kennaway" , "Donald Wilde"
Cc:
References:
Subject: Re: MD5 systems interacting with DES systems
Date: Tue, 12 Oct 1999 22:10:00 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Tue, 12 Oct 1999, Donald Wilde wrote:
>
> > I saw a hint that some routines (rlogin, etc.) will not work unless DES
> > is installed both ways. Are there low level (transport level) routines
> > which we can use with MD5 systems, or is my best answer to do the
> > encrypt/decrypt at the user level?
>
> I don't think this is correct. rlogin and friends do no encryption or
> password authentication themselves, and aren't linked against libcrypt at
> all. So there should be no difference whether or not you have DES
> installed.

Berkeley r* authenticates over source address, if I'm not seriously mistaken...

> However...
>
> > I don't mind making all systems MD5.
>
> ...this is the way to go, unless you specifically need DES passwords (e.g.
> sharing passwords with commercial unices). DES is just too insecure
> these days.

Well,... yes... ... ;)

>
> As for encrypted transport, which it sounds like you were talking about,
> you want either ssh (if the license restrictions are applicable to you -
> or you could port the "last truly free" version which the openbsd guys
> have been cleaning up in their tree),

Yes, nice. SSH's a VERY good replacement for r* (and a host of other needs).

> or you could go for IPSec (either
> in the kernel - see www.kame.net), or userspace (the pipsecd port in
> net/).

Anyone been trying out FreeS/WAN?

Cheers

mh

>
> Kris
>
> ----
> XOR for AES -- join the campaign!
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message