Great Circle Associates Firewalls
(November 1996)
 


Subject: Re: Firewalls-Digest V5 #608
From: Kyle Mallory <kmallory @ telcom . utah . edu>
Organization: University of Utah, Telecommunications
Date: Fri, 08 Nov 1996 12:59:54 -0700
To: Firewalls @ GreatCircle . COM
References: <199611072145 . NAA21319 @ miles . greatcircle . com>

>Date: Thu, 07 Nov 1996 13:22:49 +0300
>From: Lawrence Beobachter <larry @ spmu . runnet . ru>
>Subject: Plain-text passwords
>
>Hello!
>
>I tried tcpdump on FreeBSD and it turned out that login information
>during telnet sessions as well as USER and PASS info sent by pop-client
>are both xmitted in plain text <shudder>.
>Is there any solution besides S/Key (please, include pointers) to
>block this don't-know-how-to-call-it hole.
>
>Thank you
>Regards
>

POP is supposed to allow for an MD5 encrypted password, but a majority
of POP3 servers do not support it.  This is something I have always
had a problem with myself.  Telnet is a little different, because
there are no logon (authentication) schemes like there are in POP3.

Basically, every character you type is sent across the network. You
can actually telnet into a POP3 server... Just telnet into port 110.

FTP is just as relaxed as POP3...  Unfortunately a large majority of
the older protocols send passwords in clear text.  IMHO something
should be done to clean this up, and soon.

-- 
------------------------------------------------------------------------
Kyle Mallory             | What would happen if a big asteroid hit the
DNS Manager, Telcom      | Earth?  Judging from realistic simulations
University of Utah       | involving a sledge hammer and a common
Voice: (801) 585-9867    | frog, we can assume it will be pretty bad.
Pager: (801) 241-2183    |
kmallory @ telcom . utah . edu |                       -- Dave Barry
------------------------------------------------------------------------
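The MD5 option mentioned in the message above is the APOP command of RFC 1939: the server puts a one-time timestamp in its greeting and the client answers with MD5(timestamp + shared secret), so the password itself never crosses the wire. The sketch below is an added example, not part of the original post; the function names are illustrative, and the banner, user and secret are sample values taken from the RFC 1939 APOP example.

```python
import hashlib
import hmac
import re

# Sample values (assumption: banner, user and secret from the RFC 1939 APOP example).
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

_CHALLENGE = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def extract_timestamp(greeting):
    """Return the <...@...> challenge from the banner, or None if APOP is not offered."""
    if not greeting.startswith("+OK"):
        return None
    m = _CHALLENGE.search(greeting)
    return m.group(0) if m else None

def apop_digest(timestamp, secret):
    """Hex MD5 over the challenge (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def client_command(greeting, user, secret):
    """Build the APOP line; refuse to continue if the server gave no challenge."""
    ts = extract_timestamp(greeting)
    if ts is None:
        # Failure mode from the thread: most servers lack APOP, and a silent
        # fallback to USER/PASS would put the password on the wire in clear text.
        raise ValueError("no APOP challenge in greeting")
    return f"APOP {user} {apop_digest(ts, secret)}"

def server_verify(command, issued_timestamp, secrets):
    """Server side: recompute the digest for the challenge issued on this connection."""
    parts = command.split(" ")
    if len(parts) != 3 or parts[0] != "APOP":
        return False
    _, user, digest = parts
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = apop_digest(issued_timestamp, secret)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

if __name__ == "__main__":
    cmd = client_command(GREETING, USER, SECRET)
    print(cmd)
    print(server_verify(cmd, extract_timestamp(GREETING), {USER: SECRET}))
```

A captured APOP line fails verification against any later challenge, which is what separates it from sniffed USER/PASS; the server does have to keep the secret in recoverable form to recompute the digest.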

