Date:      Sat, 14 Aug 1999 05:43:29 -0700
From:      Nick Sayer <nsayer@quack.kfu.com>
To:        walton@nordicrecords.com
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Whither makefiles for src/crypto/telnet/* ?
Message-ID:  <37B56471.E6227C20@quack.kfu.com>
References:  <19990814064443.21756.qmail@modgud.nordicrecords.com>

Dave Walton wrote:
> 
> If you really want to work on an encrypted telnet, check out The
> Stanford SRP Authentication Project (http://srp.stanford.edu/srp/).
> I'd love to see SRP integrated into the FreeBSD telnet/telnetd.

Again, the problem is that there is administrative overhead - a separate
password database is required. It is certainly _also_ a candidate to be
included (they can all live side by side), but it does not replace the
need that SRA fills.

SPK requires a separate database because the server needs to know what
the password actually is, not just that the one that was typed is
correct. Unix passwords are not suitable because you can't turn
hamburger back into steak by running the grinder backwards. :-)

When both sides of a conversation have a shared secret, you can assure
mutual authentication in a way that is not possible with straight
Diffie-Hellman. But Unix passwords can't be considered a shared secret
because the server doesn't actually know what the password is. It merely
knows when an attempt is correct.

A workaround for this is to supply the password salt to the client early
in an authentication protocol, then treat the encrypted password as
a shared secret. That works, except that more and more unixes are
starting to use non-portable crypt() procedures. The client has to
have the same crypt() as the server in order for the authentication
to succeed. Users with $x salts would not be able to log in from
non-FreeBSD machines unless our crypt() was compiled into their telnet.
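
The salt-first workaround described in the message above, sketched as an added example that is not part of the original e-mail or of any FreeBSD code. `crypt_portable` and `crypt_vendor` are hypothetical PBKDF2-based stand-ins for two platforms' differing crypt() routines, and the HMAC proof exchange is an assumed construction chosen only to show the hash acting as the shared secret.

```python
import hashlib
import hmac
import os

# Hypothetical stand-ins for two platforms' crypt() routines (not real crypt(3)).
def crypt_portable(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def crypt_vendor(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 1000)[:32]

def proof(secret: bytes, role: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    """Prove knowledge of the shared secret, bound to a role and both nonces."""
    return hmac.new(secret, role + c_nonce + s_nonce, hashlib.sha256).digest()

class Server:
    def __init__(self, crypt_fn, user: str, password: str):
        salt = os.urandom(8)
        # Only salt and hash are kept, like a Unix password file entry.
        self.db = {user: (salt, crypt_fn(password, salt))}

    def hello(self, user: str, c_nonce: bytes):
        """Send the salt early, together with the server's own proof."""
        salt, stored = self.db[user]
        s_nonce = os.urandom(16)
        self.pending = (stored, c_nonce, s_nonce)
        return salt, s_nonce, proof(stored, b"server", c_nonce, s_nonce)

    def check_client(self, client_proof: bytes) -> bool:
        stored, c_nonce, s_nonce = self.pending
        expected = proof(stored, b"client", c_nonce, s_nonce)
        return hmac.compare_digest(client_proof, expected)

def login(server: Server, client_crypt, user: str, password: str):
    """Return (client_accepts_server, server_accepts_client)."""
    c_nonce = os.urandom(16)
    salt, s_nonce, server_proof = server.hello(user, c_nonce)
    secret = client_crypt(password, salt)  # client re-derives the hash locally
    server_ok = hmac.compare_digest(
        server_proof, proof(secret, b"server", c_nonce, s_nonce))
    client_ok = server.check_client(proof(secret, b"client", c_nonce, s_nonce))
    return server_ok, client_ok

if __name__ == "__main__":
    srv = Server(crypt_vendor, "nick", "constructed-password")
    print("same crypt():     ", login(srv, crypt_vendor, "nick", "constructed-password"))
    print("different crypt():", login(srv, crypt_portable, "nick", "constructed-password"))
```

With a mismatched crypt() the correct password fails in both directions, which is the portability problem the message raises.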

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37B56471.E6227C20>