Re: Wow, what a key!
There is a 'pick her locks' joke here, but I'm not going to make it.
Another Floydian slip I see. Or is it just another pick in the wall?

--Tim, who apologizes for these wastes of bandwidth but notes that Cypherpunks seem less interested in software and more interested in housing projects, guns, Oldsmobiles, and NSA manuals these days.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
On Mon, 25 Apr 1994, Timothy C. May wrote:
There is a 'pick her locks' joke here, but I'm not going to make it.
Another Floydian slip I see. Or is it just another pick in the wall?
--Tim, who apologizes for these wastes of bandwidth but notes that Cypherpunks seem less interested in software and more interested in housing projects, guns, Oldsmobiles, and NSA manuals these days.
While I will say that guns and housing projects are important topics, as well as the loss of our individual freedoms, I will agree with my esteemed colleague from the great state of California that this list *is* about writing code, etc.

In that spirit, spurred on by my f**king netcom account being broken into by some idiot with a packet sniffer, I've been looking into hacking "pgptalk" (actually, ytalk with a popen() call to pgp and D-H key exchange) to provide the same sort of functionality for telnet. The target platforms are SunOS (which is what netcom runs) and linux. On first investigation, it doesn't look too hard to do the D-H key exchange stuff, as they are separated out into separate modules. I've got the source for telnet/telnetd, and have added enhancements (like blasting out /etc/issue on connect), so I hope it won't be too difficult a project.

Sure would be nice to be able to do it in such a way that doesn't violate ITAR. Does anyone know if D-H key exchange qualifies as restricted under the ITAR? I can always do a popen() to pgp like ytalk does, and let the buyer be responsible for getting their hands on PGP or a look-alike.
Ed Carp says:
In that spirit, spurred on by my f**king netcom account being broken into by some idiot with a packet sniffer, I've been looking into hacking "pgptalk" (actually, ytalk with a popen() call to pgp and D-H key exchange) to provide the same sort of functionality for telnet. The target platforms are SunOS (which is what netcom runs) and linux.
As I've mentioned previously to people, there is an actual, live, honest to god RFC for doing authentication and encryption of telnet sessions, and the 4.4 BSD release contains the actual, honest to god code. I would suggest looking at that before reinventing the wheel. All sites ought to support it -- it's a big win.
Perry
On Mon, 25 Apr 1994, Perry E. Metzger wrote:
Ed Carp says:
In that spirit, spurred on by my f**king netcom account being broken into by some idiot with a packet sniffer, I've been looking into hacking "pgptalk" (actually, ytalk with a popen() call to pgp and D-H key exchange) to provide the same sort of functionality for telnet. The target platforms are SunOS (which is what netcom runs) and linux.
As I've mentioned previously to people, there is an actual, live, honest to god RFC for doing authentication and encryption of telnet sessions, and the 4.4 BSD release contains the actual, honest to god code. I would suggest looking at that before reinventing the wheel. All sites ought to support it -- it's a big win.
Well, last time I looked for it, I couldn't find it. And doesn't it use DES? What does it use for key exchange? I'd also have to hack it quite a bit to port it to linux, I think. But if you could point me to an FTP site that has the code, I'd be willing to look at it. Come to think of it, the last time I looked, I *did* find it on a Walnut Creek CD-ROM FTP server - but it wasn't complete, and it had no instructions for adding the DES code. Could you refer me to a site that has the COMPLETE code, ready-to-build?
Ed Carp says:
As I've mentioned previously to people, there is an actual, live, honest to god RFC for doing authentication and encryption of telnet sessions, and the 4.4 BSD release contains the actual, honest to god code. I would suggest looking at that before reinventing the wheel. All sites ought to support it -- it's a big win.
Well, last time I looked for it, I couldn't find it. And doesn't it use DES?
The RFC doesn't specify an encryption system. It's been a while since I've looked at the Cray code.
What does it use for key exchange?
I don't believe the Cray implementation had a key exchange system, but I believe that hooks for one were present in the protocol.
I'd also have to hack it quite a bit to port it to linux, I think.
I believe Linux has a fairly conventional sockets library. In any case, Jim Thompson has promised us an improved version of the code, so I'd wait for his hacks...
Perry
Perry E. Metzger writes:
As I've mentioned previously to people, there is an actual, live, honest to god RFC for doing authentication and encryption of telnet sessions, and the 4.4 BSD release contains the actual, honest to god code. I would suggest looking at that before reinventing the wheel. All sites ought to support it -- it's a big win.
Ed Carp says:
Well, last time I looked for it, I couldn't find it. And doesn't it use DES?
Not sure whether you mean the RFCs or the 4.4 BSD code. Anyway, here are a few related RFCs:

1416 E D. Borman, "Telnet Authentication Option", 02/01/1993. (Pages=7) (Format=.txt) (Obsoletes RFC1409)
1412 E K. Alagappan, "Telnet Authentication : SPX", 01/27/1993. (Pages=4) (Format=.txt)
1411 E D. Borman, "Telnet Authentication: Kerberos Version 4", 01/26/1993. (Pages=4) (Format=.txt)

The text is available from ftp://ds.internic.net/rfc/rfc####.txt.

Hope it helps...
--
Martin Janzen janzen@idacom.hp.com
Which RFC, and where might I get a copy?
++PLS
----------
On Mon, 25 Apr 1994, Perry E. Metzger wrote:
As I've mentioned previously to people, there is an actual, live, honest to god RFC for doing authentication and encryption of telnet sessions, and the 4.4 BSD release contains the actual, honest to god code. I would suggest looking at that before reinventing the wheel. All sites ought to support it -- it's a big win.
Perry
Paul Schauble says:
Which RFC, and where might I get a copy?
Don't know off hand; I don't have a mirror of them handy as I usually do. As usual, however, the RFC index should list them. Also check the internet drafts. Try ftp.uu.net; they mirror all RFCs and internet drafts.
Perry
participants (6)
- Ed Carp
- jim@Tadpole.COM
- Martin Janzen
- Paul Schauble
- Perry E. Metzger
- tcmay@netcom.com