A note about a package that uses D-H to generate a key for telnet and ftp authentication. Has anyone here played with it? Richard ------- Forwarded Message Subject: SRA telnet and ftp Date: Tue, 24 May 1994 08:57:40 -0400 To: Firewalls@GreatCircle.COM From: bukys@cs.rochester.edu After hearing about David Safford's SRA telnet/ftp package from numerous sources, I finally went and got a copy (from ftp://net.tamu.edu/pub/security/TA MU). It's nice work. I would like to clarify one point, though: This package uses the Diffie-Hellman code from the Secure RPC implementation, to securely compute a session key which the SRA code uses to encrypt an authentication transaction. The code does NOT use the session key to encrypt the whole session. It would probably be relatively easy to add, but it's not in there in the current code. This is from my perusal of the code, and correspondence with the author. FYI ------- End of Forwarded Message