From owner-FreeBSD-tech-jp@jp.freebsd.org  Fri Jun  9 20:08:11 2000
In-Reply-To: <20000609102951.56035.qmail@k2r.org>
References: <20000609102951.56035.qmail@k2r.org>
From: Makoto MATSUSHITA <matusita@matatabi.or.jp>
To: FreeBSD-tech-jp@jp.freebsd.org
Date: Fri, 09 Jun 2000 20:07:34 +0900
Message-Id: <20000609200734S.matusita@matatabi.or.jp>
Subject: [FreeBSD-tech-jp 2813] Re: Secure Telnet Using SRA?


This has already been answered, but...

kenji> $B$3$N(BSRA$B$H$O2?J*$J$N$+>pJs$r;}$C$F$$$kJ}$O65$($F$$$?$@$1$l$P9,$$$G$9!#(B

4.0-RELEASE $B$N(B RELEASE NOTES $B$K$A$g$m$C$H@bL@$,$"$k$_$?$$$G$9!%$H$j$"$((B
$B$:2?$r$9$kE[$+$H$$$&$N$O$3$l$G$o$+$j$^$9!%0J2<!$$=$$$D$+$i$NH4?h$G$9!%(B

Telnet has a new encrypted authentication mechanism called SRA. SRA
uses a Diffie-Hellman exchange to establish a session key, then uses
that to DES encrypt the username and password. As a side effect the
session key is used to DES encrypt the session. SRA is vulnerable to
man-in-the-middle attacks, the DH parameters are on the small side,
and DES is showing its age, but the benefits are that it requires
absolutely no administrative changes to the machine to work, and is
at the very least a step up from plaintext. To use it, you need to
either use "telnet -ax" or set up a .telnetrc to enable it by default.

So, when I tried doing as it says, it looks like this. It is doing something.

martini % telnet -ax host.name
Trying x.y.z.w...
Connected to host.name.
Escape character is '^]'.
Trying SRA secure login:
User (matusita):
Password:
[ SRA accepts you ]
host %
telnet> encrypt status
Currently encrypting output with DES_CFB64
Currently decrypting input with DES_CFB64

code $B$OB?J,(B src/crypto/telnet/libtelnet $B$"$?$j$K$&$^$C$F$$$=$&$G$9!%(B

-- -
Makoto `MAR' MATSUSHITA
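
Added example, not part of the original message and not FreeBSD's libtelnet code: a toy unauthenticated Diffie-Hellman exchange showing why the release notes call SRA vulnerable to man-in-the-middle attacks, and how comparing key fingerprints out of band exposes a substituted public value. The group parameters, the SHA-256 key derivation and all function names are assumptions chosen for illustration; they are not SRA's.

```python
import hashlib
import secrets

# Constructed toy group (Mersenne prime 2**127 - 1, base 3). Illustrative only;
# these are NOT the parameters SRA uses and are too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value) for one side."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Reduce the shared secret to 8 bytes (DES-key sized; hypothetical KDF)."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:8]

def fingerprint(key):
    """Short digest a user could compare over a separate, trusted channel."""
    return hashlib.sha256(key).hexdigest()[:16]

def run_exchange(substitute_pub=None):
    """One client/server exchange. If substitute_pub is given, both public
    values are replaced in transit; nothing in plain DH lets either end notice."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    to_client = substitute_pub or s_pub
    to_server = substitute_pub or c_pub
    return {
        "client_key": session_key(c_priv, to_client),
        "server_key": session_key(s_priv, to_server),
        "client_pub": c_pub,
    }

def demo():
    honest = run_exchange()
    m_priv, m_pub = keypair()            # party on the path with its own keypair
    tampered = run_exchange(substitute_pub=m_pub)
    return {
        "honest_match": honest["client_key"] == honest["server_key"],
        "tampered_match": tampered["client_key"] == tampered["server_key"],
        # The on-path party can derive the key the client believes is private.
        "middle_has_client_key":
            session_key(m_priv, tampered["client_pub"]) == tampered["client_key"],
        # Detection: fingerprints differ once a value was substituted.
        "fingerprints_equal":
            fingerprint(tampered["client_key"]) == fingerprint(tampered["server_key"]),
    }

if __name__ == "__main__":
    print(demo())
```

The exchange itself completes normally in both cases; only an authenticated step (here, the fingerprint comparison) distinguishes them.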
