Firewalls: Re: Plain-text passwords

Firewalls
(November 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Plain-text passwords
From:	"Jonathan M. Bresler" <jmb @ FRB . GOV>
Date:	Thu, 07 Nov 1996 16:05:38 -0500
To:	Lawrence Beobachter <larry @ spmu . runnet . ru>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	Your message of "Thu, 07 Nov 1996 13:22:49 +0300." <3281B879 . 4191 @ spmu . runnet . ru>

>I tried tcpdump on FreeBSD and it turned out that login information
>during telnet sessions as well as USER and PASS info sent by pop-client
>are both xmitted in plain text <shudder>.

	Please realize that this is true of all internet applications 
that do not use encryption.  (telnet, ftp, pop, X11, there are so 
many to chose from ;)


>Is there any solution besides S/Key (please, include pointers) to
>block this don't-know-how-to-call-it hole.

	skey provides a one-time passwd, but does not provide encryption.
take a look at ssh for one way of dealing with this problem.

	http://www.cs.hut.fi/ssh/

jmb

-- 
Jonathan M. Bresler             202-452-2831                 breslerj @
 frb .
 gov
MS-169          Federal Reserve Board of Governors        Washington DC 20551
Speaking for myself.  Others speak for the Federal Reserve Board of Governors

Follow-Ups:

Re: Plain-text passwords
From: Todd Graham Lewis <lists @ reflections . mindspring . com>

References:

Plain-text passwords
From: Lawrence Beobachter <larry @ spmu . runnet . ru>

Indexed By Date	Previous:	defense against SYN floods on FreeBSD? From: "Ian Kallen" <ian @ gamespot . com>
Indexed By Date	Next:	Re: POP3 proxy From: Craig Brozefsky <cosmo @ ebs . net>
Indexed By Thread	Previous:	Re: Plain-text passwords From: peter @ baileynm . com (Peter da Silva)
Indexed By Thread	Next:	Re: Plain-text passwords From: Todd Graham Lewis <lists @ reflections . mindspring . com>