[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Spread encryption with telnet?




Earlier, Jonathan Corbet wrote:

> It couldn't be very hard to grab a version of telnet and telnetd off the
> net and hack in some sort of encryption of the data stream.  Heck, you
> could just use the vendor's DES library on systems that have it -- perhaps
> not the most aesthetic solution, but easy.  Put in a negotiation option so
> that encryption will be used when both ends support it, and you have
> instant plug-in relatively secure telnet.
>
> Overall, this seems easy and useful enough that I'm amazed that nobody has
> done it yet.  Have I missed something?

Although not widely known, a telnet and telnetd combination of this form
were constructed by Laurie Brown at ADFA during his development of the
LOKI cipher. Draft IETF proposals were also written towards the goal of
these extended telnet options and the negotiation procedure becoming a 
standard.

In practice, it worked fine. One drawback was it required DES/LOKI
keys to be pregenerated and stored online in an analog of /etc/passwd
that the hyper-telnetd would use. The user needed to enter a password
on the telnet before the session started, and as for how the negotiation
procedures worked, I have absolutely no idea. This was some 2 years ago
now and not only are my recollections vague, but at the time I was a
'cryptovirgin' and hence wouldn't know one key exchange from another.

As for availability of this software, I don't think it was made a public
release (I obtained it from though 'other' channels that I would prefer
not to elaborate on -- and it was lost during 'cleansing'). I suggest 
getting in contact with Laurie Brown at Melbourne University, I believe 
thats his current abode. I think I will forward him a note, to satisfy
my own sense of curiosity.

Matthew.

footnote:

The Australian Defence Force Academy (ADFA) is well known for it's
cryptographic school (take a look at AUSCRYPT proceedings). It's a
stepping stone to the Defense Signals Directorate (DSD), our analog
of the NSA, though not _nearly_ as big (they do share SIGINT info
via the UKUSA agreement though). Anyway, since just recently, the
DSD is housed a stones throw from ADFA, which makes for interesting
liasons.

-- 
Matthew Gream. ph: (02)-821-2043. [email protected].
PGPMail and brown paperbags accepted. - Non Servatum -