[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Encrypted TCP, telnet, etc



-----BEGIN PGP SIGNED MESSAGE-----

Just noticed this on USENET. Sorry if it's passed through cpunks lately,
but ya know, sometimes I just fall asleep while the conspiracypunks drivel
goes by, and don't notice when someone strays back to crypto.

- ---Start Msg
Newsgroups: alt.security,sci.crypt
Subject: Secure Telnet: Summary
Message-ID: <[email protected]>
From: [email protected] (Jochen Schwarze)
Date: 27 Aug 1995 16:55:09 GMT
Organization: Comp.Center (RUS), U of Stuttgart, FRG
NNTP-Posting-Host: rpool4.rus.uni-stuttgart.de
Lines: 74

Thanks to everyone who responded to my posting regarding a `secure
telnet' implementation:

    Is there a (possibly free) implementation of something like a
    "secure telnet"?  I'm looking for a way to login into a remote
    system providing secure interactive communication between the two
    hosts over (possibly insecure) Internet connections.

Here's a summary of the implementations I am now aware of:

* SSL 

There is a free implementation of Netscape's SSL Protocol (Secure
Socket Layer) by Eric Young named "SSLeay"
<ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/>.  Eric Young is also the
author of a popular DES Library.
<ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/>

SSL provides a secure authentication and encryption basis on top of
which application protocols like telnet, ftp, and http may be
transparently added <http://home.netscape.com/info/SSL.html>.
However, the RC4 encryption using a 40 bit key, which is employed by
SSL, has recently been cracked with a brute force attack, see
RISKS-17.27 <http://catless.ncl.ac.uk/Risks/17.27.html#subj1>.

A modified version of telnet that uses SSL-based authentication and
encryption is also available
<ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/>.


* Deslogin

Deslogin by Dave Barrett <[email protected]> provides a
network login service much like rlogin/rlogind.  Deslogin uses a
`challenge-response' protocol to authenticate users.  Also, all data
transmitted to and from the remote host in encrypted using the DES.
Deslogin also includes a command-line program `cipher' for fast DES
encryption. <ftp://ftp.uu.net/pub/security/des/>


* SRA Telnet 

This is a version of the SRA Telnet modified by the Technical
University of Chemnitz.  A session key is negotiated using an
uncertified Diffie-Hellman-Method and used for the encryption of UID
and password.  The complete session text in encrypted with DES in CFB
mode. <ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_tel_ftp>


* Ssh

Ssh (Secure Shell) is a program to log into another computer over a
network, to execute commands in a remote machine, and to move files
from one machine to another.  It provides strong authentication and
secure communications over insecure channels.  Among other features,
Ssh is a complete replacement for rlogin, rsh, and
rcp. <ftp://ftp.funet.fi/pub/unix/security/ssh-1.0.0.tar.gz>


* Skey

Bell Canada's `skey' free-ware implements a one-time password system,
so that sniffers can get your ID and PW, but can't use the PW next
time. <ftp://ftp.cert.dfn.de/pub/tools/password/SKey/>


- ----------------------------------------------------------------------
I provide this information in the hope that it will be useful, but
with no claim of either completeness or correctness.  Thanks again to
all who contributed to compile the above information.

- -- 
    Jochen Schwarze
    <[email protected]>

- ---End Msg

First question: what does anyone know about these programs.
Second question: since I'm only a cyphergroupie, how can I make use
  of these programs?

Currently, I'm trying to move as many operations as I can (mix client,
mail reading, etc) to my local Linux box so that all traffic headed through
my server is already encrypted. Naturally, some of these programs
look interesting, the SSL telnet (but what about the other end?) for
example.

I noticed an announcement that DID come across cpunks:


[snip]
Announcing CryptoTCP beta version 0.9

CTCP is a public domain software package to do encrypted TCP sessions on
unix systems.  It features Diffie-Hellman key exchange with triple-DES
encryption.  This initial release is to be considered a beta version.
Bug reports or comments on security issues are invited.
[snip]

Detached signature for ctcp.0.9.tar:

- - -----BEGIN PGP MESSAGE-----
Version: 2.71828

iQCVAgUAMBqiPf32LDYerV6NAQHUoAP/RLU0mM3ydxC9vjzay8hR5Qmb5zupHyCO
klW8IYjxIt14jnBTqkVM7q+mnaAWK2Ishppe14H5K6MAn/VOe2o5Hf61wAzJuxzw
wywiA9ZOdb+2cxm86YMgdbrnv430BCbSjPITV5PHyorovSqhX4RLLB1R8oOX4WUB
5WwzgLyV6Kc=
=ltvK
- - -----END PGP MESSAGE-----


But I missed where this comes from, and I doubt I'd be able to
drop it into my Linux in anything resembling a plug-and-play
style. Anybody tried this?

Don

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMEFQdMLa+QKZS485AQENNwMAu5du39fa8Dy5qaFCV0sq2IK4kwUVGYsP
1RndpErFYQoWC6wTmz2wB4AqeDUG6OmujFPF6as9vvl6RPT3MxKcd2St7wAGllwX
p7Q0WTfPA7u2ICStsvJ/MtRMKSMQniii
=fYr3
-----END PGP SIGNATURE-----
<[email protected]>           fRee cRyPTo!   jOin the hUnt or BE tHe PrEY
PGP key - http://bert.cs.byu.edu/~don     or PubKey servers (0x994b8f39)
  June 7&14, 1995: 1st amendment repealed.  Death threats ALWAYS pgp signed
* This user insured by the Smith, Wesson, & Zimmermann insurance company *