In response to several requests for clarification of the following:
> How about using the SRA extended telnet/ftp package from TAMU? It
> negotiates a session key by swapping public keys generated from random
> private/public key pairs and doesn't need kerberos. Works on SunOS 4
> and 5, Linux and (as soon as I finish testing my patches) on SGI IRIX
> 4. Fairly simple to build, though it's really a proof-of-concept
> prototype at this stage and may not be appropriate in a production
> environment.
David Safford's SRA telnet/ftp package is documented in a paper at
the third Usenix security symposium. Available as
net.tamu.edu:pub/security/TAMU/sra.ps.gz
while sra.README in the same location also includes a brief
description.
Otherwise, the files to get are srasrc-1.3.tar.gz and (for those in the
US) srasrc-des-1.3.tar.gz. Fon non-US sites, the sra.README contains
pointers to alternative DES libraries; I used the DES-2.2 from Chalmers
with success (though it is not bugfree).
- --
Andras Salamon <andras @
is .
co .
za>
------- End of Forwarded Message
References:
|
|
