On Fri, 8 Nov 1996, Todd Graham Lewis wrote:
> > deslogin is pretty good to, and unlike S/Key or SSH, I know of noone who
> > has found methods to attack it succesfully.
> Cool; I'll look into it.
I think you can find it at ftp.uu.net
otherwise www search engines.
> > Make sure you are using Kerb5 at least, although reportedly there are
> > exploits for Kerb5. Kerb4 should be considered broken IMO.
> Definitely. If you use kerberos, be sure to get the latest beta of
> version 5 from MIT. Most vendors' stock versions are still v4 (groan),
> not that we'd run vendor versions of important software anyway. (Anyone
> out there running stock sendmail on a solaris box? 8^)
The problem is not entirely implementation, but also design. The
reliance upon a "secure" time service mechanism is troublesome. Also
there is a problem with a known plaintext attack last time I looked.
This doesn't even touch implementation problems, specific to the actual
code and not design.
> Same as ssh; secure access to server and other machines, with all the
> bells and whistles that kerberos gives you.
And all the headache and troubles too. At least your safe from kiddie
hackers, even if a suitably competent person could pull of an attack.
Craig Brozefsky cosmo @
System Administrator vox: 312-226-1675
*****available for limited time only in this dimension****