Date: Fri, 8 Sep 1995 08:25:34 -0500 (CDT) From: Guy Helmer <ghelmer@alpha.dsu.edu> To: Piero Serini <piero@strider.ibenet.it> Cc: Guido.vanRooij@nl.cis.philips.com, piero@strider.ibenet.it, stesin@elvisti.kiev.ua, wollman@lcs.mit.edu, security@freebsd.org Subject: Re: Do we *really* need logger(1)? Message-ID: <Pine.OSF.3.91.950908081847.18045A-100000@alpha.dsu.edu> In-Reply-To: <199509081248.OAA22923@strider.ibenet.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 8 Sep 1995, Piero Serini wrote: > Hello. > > Quoting from Guido van Rooij (Fri Sep 8 13:10:13 1995): > > I dont like a root password stored in a program. > > You can do this in a secure manner. But I agree with you. > > > Better is to have a > > diffie-hellman scheme to obtain a session key. Better yet (IMHO), use a key known only to the client and the server that, when concatenated with the data on the client, provides an MD5 signature on the data that the server can verify (like I believe NTP's protocol works) -- this avoids patent problems _and_ the US ITAR encryption export restrictions... Guy Helmer, Dakota State University Computing Services - ghelmer@alpha.dsu.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.3.91.950908081847.18045A-100000>