Great Circle Associates Firewalls
(May 1995)
 


Subject: Re: encrypted telnet sessions
From: Ben <samman @ CS . YALE . EDU>
Date: Sun, 28 May 1995 17:15:14 -0400 (EDT)
To: "Simon J. Gerraty" <sjg @ zen . void . oz . au>
Cc: firewalls @ greatcircle . com
In-reply-to: <199505281314 . XAA13514 @ zen . void . oz . au>

On Sun, 28 May 1995, Simon J. Gerraty wrote:

> > > Has there been a better way developed to encrypt telnet session without 
> > > compromising the keys???
> > 
> > Just use some form of PKE.  Send the Public keys over the insecure 
> > channel and then encrypt the data streams with different keys.
> 
> That's what I did - added TELOPT_PKE to do RSA based exchange of DES
> keys.   Works very nicely - requires no admin at all - all keys are
> one use only...  but is vulnerable to man in the middle attacks.

By man-in-the-middle attacks here you mean an attack in which the 
interloper would intercept both Alice and Bob's keys and then generate a 
spurious set of keys which he would forward to Alice and Bob.

He would forward all transmissions to Alice and Bob, but at the same 
time, since he generated the keys, reads the messages passing between 
them, right?

Ok, so why not use some sort of Zero Knowledge Authentication?

Ben.
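
The exchange discussed in this message, as an added example that is not part of the original post or of Simon's TELOPT_PKE code: one direction of an RSA key-transport handshake, first with the public key passed through untouched, then with it swapped in transit, then with the receiver checking the key against a fingerprint learned out of band. Assumptions: all names, the textbook RSA with small Mersenne primes, the 32-bit stand-in for the DES key, and the fingerprint check (a placeholder for whatever authentication step is added) are constructed for illustration.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes; toy sizes, no padding, illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def fingerprint(pub):
    """Short digest of a public key, for comparison over a trusted path."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def rsa_apply(key, value):
    """Raw RSA operation: wraps with a public key, unwraps with a private one."""
    return pow(value, key[1], key[0])

# Constructed keys built from Mersenne primes; far too small for real use.
BOB_PUB, BOB_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
RELAY_PUB, RELAY_PRIV = make_keypair(2**17 - 1, 2**19 - 1)

def run_exchange(relay_active, pinned_fp=None):
    """Bob sends his public key; Alice returns a one-use session key under it.

    relay_active models the interloper replacing the key in transit.
    pinned_fp is Bob's fingerprint as Alice learned it out of band (assumption).
    Returns (alice_accepted, bob_got_alices_key, relay_learned_key).
    """
    key_seen_by_alice = RELAY_PUB if relay_active else BOB_PUB
    if pinned_fp is not None and fingerprint(key_seen_by_alice) != pinned_fp:
        return (False, False, False)           # Alice aborts, no key is sent
    session_key = secrets.randbits(32)         # stand-in for the DES session key
    wire = rsa_apply(key_seen_by_alice, session_key)
    relay_copy = None
    if relay_active:
        relay_copy = rsa_apply(RELAY_PRIV, wire)   # relay unwraps the key
        wire = rsa_apply(BOB_PUB, relay_copy)      # and re-wraps it for Bob
    bob_key = rsa_apply(BOB_PRIV, wire)
    return (True, bob_key == session_key, relay_copy == session_key)

if __name__ == "__main__":
    print("no relay, no check:  ", run_exchange(False))
    print("relay, no check:     ", run_exchange(True))
    print("relay, pinned check: ", run_exchange(True, fingerprint(BOB_PUB)))
```

In the unauthenticated run with the relay active, Alice and Bob end up holding the same session key, so nothing inside the session reveals the substitution; only the comparison against independently obtained key material stops it.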


