On 14 Aug 99, at 5:43, Nick Sayer wrote:

> Dave Walton wrote:
> >
> > If you really want to work on an encrypted telnet, check out The
> > Stanford SRP Authentication Project (http://srp.stanford.edu/srp/).
> > I'd love to see SRP integrated into the FreeBSD telnet/telnetd.
>
> Again, the problem is that there is administrative overhead - a separate
> password database is required.

Yes, there is /etc/tpasswd to deal with. I guess what I should have said is that I'd love to see SRP integrated into FreeBSD (as PAM, perhaps?). Properly done, the various system utilities would keep passwd, master.passwd and tpasswd in sync, and SRP authentication/encryption would be available to telnet, ftp, or anything else.

(Disclaimer: Authentication and PAM are way outside of anything I know anything about, so I really have no idea what it would take to make that work.)

> Keep in mind, also, that as long as AUTHTYPE_SRP and
> AUTHTYPE_SRA are different numbers, both could be present. I
> would even concede that SRP should be tried before SRA. But I'd
> sure as hell rather use SRA than nothing.

Ok, Nick implements SRA for folks in heterogeneous NIS environments, and Kris implements SRP for those of us without that restriction. How's that for a non-cryptographic compromise? :)

Unfortunately, this whole discussion ignores one ugly problem: client availability. I've never heard of SRA before, and the only non-Unix SRP telnet client I'm aware of is a hacked version of TeraTerm and only supports authentication, not encryption. Without good clients on certain unnamed widespread OS's, most people will continue to use plaintext due to a complete lack of choice.

Dave

----------------------------------------------------------------------
Dave Walton
Webmaster, Postmaster
Nordic Entertainment Worldwide
wal...@nordicdms.com
http://www.nordicdms.com
----------------------------------------------------------------------