Just noticed that messages from the Radiator list are coming in flagged as RBL filtered from input.orbs.org:

[logs]# rblcheck 209.61.182.19
not RBL filtered by blackholes.mail-abuse.org
not RBL filtered by relays.mail-abuse.org
not RBL filtered by dialups.mail-abuse.org
RBL filtered by inputs.orbs.org
not RBL filtered by outputs.orbs.org
[logs]# host 209.61.182.19
19.182.61.209.IN-ADDR.ARPA domain name pointer server1.open.com.au

-----Original Message-----
From: Ingvar Berg (EIP) <[EMAIL PROTECTED]>
To: Radiator List <[EMAIL PROTECTED]>
Date: Friday, May 18, 2001 3:09 AM
Subject: [UCE RBL] RE: (RADIATOR) CHAP

>> -----Original Message-----
>> From: Mariano Absatz [mailto:[EMAIL PROTECTED]]
>> Sent: 16 May 2001 16:13
>> To: Ingvar Berg (EIP)
>> Cc: Radiator List
>> Subject: RE: (RADIATOR) CHAP
>>
>>
>> On 16 May 2001, at 9:08, Ingvar Berg (EIP) wrote:
>>
>> > Or rather: you have to be able to decrypt them in Radiator, before
>> > using them. I'm not sure if you can do this with a hook, or if you
>> > need to hack the basic code in Radiator (i.e. persuade Mike or Hugh to
>> > do some fun coding...)
>> or DIY :-)... but the point here is that most of the encryption schemes
>> used for storing passwords are one way hash functions (one way being the
>> key point here).
>
>=> You need to have control over this as well!
>>
>> You can't (without a considerable computational effort far beyond an
>> authentication server) get the original password from the encrypted one.
>>
>> If you were to use a two way encryption scheme, it would have to encrypt
>> and decrypt with the same key (if it uses a symmetric algorithm like DES,
>> DES3, or the like) or encrypt with one key and decrypt with another, both
>> generated as a pair (conventionally, one is supposed to be public and the
>> other private).
>
>There are several good symmetrical encryption algorithms, yepp.
>>
>> The point is that this way, you should put the (master) decryption key
>> "open" in the radiator config file, so you just moved the weak point to
>> another place.
>
>You could keep the key inside your crypto-accelerator box
>>
>> Now, if you, for instance, keep the passwords in a public open database
>
>You should restrict access to it as much as possible anyway, of course.
>
>/Ingvar
>
>> (or LDAP tree or whatever) where anyone can see it and you can keep your
>> radiator configuration file really secure (i.e. mode 400 root owned
>> inside a mode 500 root owned directory and a really controlled set of
>> trustable people knowing the root password), you (or Mike) could do it.
>>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
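
Why the thread above insists the server must recover the cleartext for CHAP, as an added example that is not part of the original messages or of Radiator's code: per RFC 1994 the CHAP response is MD5(Identifier || secret || Challenge), so the server has to hash the same secret the client used. The password, salt, identifier and challenge are constructed sample values, and the salted SHA-256 in one_way() is an assumed stand-in for whatever one-way scheme a user database uses.

```python
import hashlib
import hmac


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_accepts(stored_secret: bytes, identifier: int,
                 challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the response from whatever the user database holds."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def one_way(password: bytes, salt: bytes) -> bytes:
    """Assumed one-way stored form (salted SHA-256), for illustration only."""
    return hashlib.sha256(salt + password).digest()


def pap_accepts(stored_hash: bytes, salt: bytes, submitted: bytes) -> bool:
    """PAP delivers the password itself, so a one-way stored form is enough."""
    return hmac.compare_digest(one_way(submitted, salt), stored_hash)


def demo() -> dict:
    # Constructed sample values, not taken from the thread.
    password = b"correct horse"
    salt = b"\x01\x02\x03\x04"
    identifier = 7
    challenge = bytes(range(16))

    # Client side: only the response crosses the wire, never the password.
    response = chap_response(identifier, password, challenge)
    stored_hash = one_way(password, salt)

    return {
        # Database holds the cleartext (or can decrypt to it): CHAP verifies.
        "chap_with_cleartext": chap_accepts(password, identifier, challenge, response),
        # Database holds only a one-way hash: nothing it has reproduces the response.
        "chap_with_hash_only": chap_accepts(stored_hash, identifier, challenge, response),
        # The same hash-only database still serves PAP.
        "pap_with_hash_only": pap_accepts(stored_hash, salt, password),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```
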