Jay has the following to say:
Does anyone have some info on encrypted telnet? Could ya please
send it to me or post it?
Thanks
jay
> Post it please -- I too am interested.
- Mark
--
Mark Dadgar | If we had thought something this big was
Network/Systems Admin. | going to happen to us, do you think we would
NeXT Computer, Inc. | have called ourselves TOAD THE WET SPROCKET?!
Here I am, NOT speaking for NeXT.
I haven't seen any publicly available packages, although something
like Netlock or Isolation Systems would have the capability to do
both clear-text & encrypted sessions. If you need any information
about the products, feel free to mail me your address, etc. & I'll get some
stuff in the mail to you.
Jeromie
Garrison Associates Digital Crime Prevention Specialists
As part of the TAMU security package you are offered "sra.tar". This
archive contains modified BSD sources for Telnet and FTP (clients
and daemons included). This new Telnet optionally supports authentication
and encryption and FTP supports authentication only. Authentication
avoids sending user id and password as clear text. Three modes of
authentication are possible: Kerberos 4, Kerberos 5 and SRA.
SRA (Secure RPC Authentication) is a TAMU specific option and uses the
Diffie-Hellman algorithm to exchange a common session key at the beginning
of a session. The same idea is to be found with Sun's Secure RPC (RFC 1057).
This common session key is used to encrypt the uid and the password.
Here are some remarks on this software:
We found sra.tar on a CD some weeks ago but unfortunately some files were
corrupt. After looking around for a while we found an intact version at a
Japanese FTP server. This release didn't contain the DES code. That's why we
built a separate freely available DES library and linked it all together.
We omitted the Kerberos specific parts and concentrated on SRA only.
SRA is quite an efficient technique. You can read about it in a paper
by its authors included in this release.
After several little modifications in various files Telnet and FTP worked
as we had intended. That means it supports on-demand authentication as well as
encryption. We have been using this software for about two weeks now
and we are very satisfied. It seems to be quite reliable.
At the moment we are thinking of replacing DES with IDEA but we are not sure yet whether
this will be done or not. It mainly depends on the amount of work required.
It's possible to get the sources from us. If you're interested send us a
mail. It would be possible to distribute the package as a MIME mail or put it
on our FTP server. This will depend on the number of people interested in it
and their choices.
--
===============================================================
Name : Holger Trapp
Institution: Technical University of Chemnitz-Zwickau
Faculty of Computer Science
Which shortcoming(s) of Kerberos was SRA meant to fix?
LT
> As part of the TAMU security package you are offered "sra.tar". This
> archive contains modified BSD sources for Telnet and FTP (clients
> and daemons included). This new Telnet optionally supports authentication
> and encryption and FTP supports authentication only. Authentication
> avoids sending user id and password as clear text. Three modes of
> authentication are possible: Kerberos 4, Kerberos 5 and SRA.
> SRA (Secure RPC Authentication) is a TAMU specific option and uses the
> Diffie-Hellman algorithm to exchange a common session key at the beginning
> of a session. The same idea is to be found with Sun's Secure RPC (RFC 1057).
> This common session key is used to encrypt the uid and the password.
> Here are some remarks on this software:
> We found sra.tar on a CD some weeks ago but unfortunately some files were
> corrupt. After looking around for a while we found an intact version at a
> Japanese FTP server. This release didn't contain the DES code. That's why we
> built a separate freely available DES library and linked it all together.
> We omitted the Kerberos specific parts and concentrated on SRA only.
> SRA is quite an efficient technique. You can read about it in a paper
> by its authors included in this release.
> After several little modifications in various files Telnet and FTP worked
> as we had intended. That means it supports on-demand authentication as well as
> encryption. We have been using this software for about two weeks now
> and we are very satisfied. It seems to be quite reliable.
> At the moment we are thinking of replacing DES with IDEA but we are not sure yet whether
> this will be done or not. It mainly depends on the amount of work required.
> It's possible to get the sources from us. If you're interested send us a
> mail. It would be possible to distribute the package as a MIME mail or put it
> on our FTP server. This will depend on the number of people interested in it
> and their choices.
GJC
Take a look at the work by Lawrie Brown from the Australian Defence Force Academy.
ftp.adfa.oz.au:/pub/security/adfa-telnet
I don't know whether it is generally available.
David Denton
ANSTO
Sydney
Australia
> Note that the particular exchange used by SRA (which has a poor choice
> of the specific 192 bit Diffie-Hellman modulus used) has been
> cryptographically broken.
Anybody know what currently counts as a reasonably secure modulus and root?
Currently SRA uses a root of 3 and a modulus of
d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b
Any references?
It is easy to change the code to use a more secure modulus.
Thanks, Delman.
--
______________________________________________________________________
Delman Lee Tel.: +1-215-662-6780
Medical Image Processing Group Fax.: +1-215-898-9145
______________________________________________________________________
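Delman's question (which modulus and root are secure) is the sort of thing one should be able to check mechanically rather than by asking around. The script below is an added example, not code from the thread or from the TAMU SRA package: it audits a Diffie-Hellman group for modulus size, primality of p, whether p is a safe prime ((p-1)/2 also prime) and whether the base lands in a large subgroup, and runs that audit on the SRA parameters quoted above (base 3, the 192-bit modulus). The 2048-bit floor is an assumption of this example reflecting current practice, not a figure from the thread.

```python
import random

# Parameters quoted in the thread: SRA uses base 3 and this 192-bit modulus.
SRA_P = int("d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b", 16)
SRA_G = 3

# Assumption of this example: the smallest finite-field DH modulus worth
# accepting today. Pass a different min_bits to audit_dh_group() to change it.
MIN_BITS = 2048


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test (exact for n up to the small-prime list)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    # Write n - 1 as d * 2^r with d odd.
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)  # fixed seed so the audit is reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def audit_dh_group(p, g, min_bits=MIN_BITS):
    """Check a DH group (p, g); returns the findings plus a list of problems."""
    findings = {"bits": p.bit_length(), "p_prime": is_probable_prime(p)}
    q = (p - 1) // 2
    # p is a safe prime if q = (p - 1) / 2 is also prime; then every element
    # other than 1 and p - 1 generates a subgroup of order q or 2q.
    findings["safe_prime"] = findings["p_prime"] and is_probable_prime(q)
    if findings["safe_prime"]:
        findings["g_order_large"] = (1 < g < p - 1
                                     and pow(g, 2, p) != 1
                                     and pow(g, q, p) != 1)
    else:
        findings["g_order_large"] = None  # undecidable without factoring p - 1

    problems = []
    if findings["bits"] < min_bits:
        problems.append(f"modulus is only {findings['bits']} bits; want >= {min_bits}")
    if not findings["p_prime"]:
        problems.append("p is not prime")
    elif not findings["safe_prime"]:
        problems.append("(p-1)/2 is not prime; subgroup structure needs p-1 factored")
    if findings["g_order_large"] is False:
        problems.append("g has order 1 or 2, so the shared secret is trivial")
    findings["problems"] = problems
    findings["ok"] = not problems
    return findings


if __name__ == "__main__":
    report = audit_dh_group(SRA_P, SRA_G)
    for key, value in report.items():
        print(f"{key:>14}: {value}")
```

Running it against the SRA group reports the 192-bit size as the first problem regardless of what the primality checks say; the size alone is what made the published attack on this modulus feasible, and a larger safe-prime group with a base of large order is what the audit requires before it returns `ok`.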
> > > Which shortcoming(s) of Kerberos was SRA meant to fix?
> > No shortcomings, per se. The Diffie-Hellman exchange used by SRA
> > permits a server and client to agree on a secret key without knowing
> > anything about each other ahead of time. Kerberos requires
> > configuration of a kerberos server and population of the server's
> > database with client and server keys.
Let me cite from the abstract of the paper:
Secure RPC Authentication (SRA) for Telnet and FTP
"... These techniques, however, have several drawbacks, including technical
complexity, poor vendor support, and organizational problems. This paper
presents SRA, a very simple and tested technique based on Secure RPC which,
while certainly not as strong as RSA, is reasonably strong, fast, and trivial
to implement immediately for both inter and intra-domain communications."
You can get this paper (sra.ps) on several FTP servers. It's also part of the
source distribution.
> > Note that the particular exchange used by SRA (which has a poor choice
> > of the specific 192 bit Diffie-Hellman modulus used) has been
> > cryptographically broken.
> > --
> > Jeff Hayward
You can read about weaknesses of Kerberos as well. I suppose you won't
get absolute security with it. But it's much more expensive than SRA.
In our opinion SRA is a good compromise at the moment.
Another lightweight solution is S/Key.
===============================================================
Name : Holger Trapp
Institution: Technical University of Chemnitz-Zwickau
Faculty of Computer Science
Chair of Computer Networks and Distributed Systems
Address : 09107 Chemnitz
Location : Strasse der Nationen 62
Phone : +49 371 531 1379
Fax : +49 371 531 1628
===============================================================
> This paper
> presents SRA, a very simple and tested technique based on Secure RPC which,
> while certainly not as strong as RSA, is reasonably strong, fast, and trivial
> to implement immediately for both inter and intra-domain communications."
> You can read about weaknesses of Kerberos as well. I suppose you won't
> get absolute security with it. But it's much more expensive than SRA.
> In our opinion SRA is a good compromise at the moment.
This is a dangerously misleading statement.
There is no cryptographic attack on Kerberos that I know of which has
been proven to work - that is, one which has actually broken or forged
a kerberos ticket.
There is a well-known, published attack on SRA. It can *always* be
broken, in under a few minutes on a PC class machine. This is a
severe weakness. I grant you it's better than passwords in the clear,
but not by much. Anyone who can sniff packets can break SRA
exchanges.
A Diffie-Hellman exchange with a more circumspect choice of modulus
would be much preferred. This would still leave a man-in-the-middle
attack open, but that requires much more access on the part of the
attacker to be successful. There's also the issue of the
Diffie-Hellman patent to be considered.
Your points about the complexity and cost of administering a kerberos
infrastructure vs the simplicity of Diffie-Hellman are otherwise well
made.
--
Jeff Hayward
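Jeff's point that an unauthenticated Diffie-Hellman exchange still leaves a man-in-the-middle attack open can be shown concretely. The script below is an added example, not the SRA code or anything posted in the thread: client and server agree a key over the SRA parameters quoted earlier (base 3, 192-bit modulus), then the client "encrypts" its uid and password under that key; an attacker in the path substitutes her own public values, so each side unknowingly shares a key with her and she recovers and silently re-encrypts the credentials. The hashed key derivation and the XOR keystream cipher are stand-ins chosen to keep the demo self-contained; SRA's own DES-based handling is not reproduced, the credentials are a constructed sample, and the seeded `random` is for reproducibility only (real key agreement needs a CSPRNG).

```python
import hashlib
import random

# The SRA parameters quoted in the thread: base 3 and a 192-bit modulus.
P = int("d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b", 16)
G = 3

# Constructed sample of what the client sends once the key is agreed.
CREDENTIALS = b"uid=holger password=correct horse battery"


def keygen(rng):
    """Private exponent x and public value g^x mod p."""
    x = rng.randrange(2, P - 1)
    return x, pow(G, x, P)


def shared_secret(priv, other_pub):
    return pow(other_pub, priv, P)


def session_key(secret):
    # Assumption of this example: hash the shared secret into a key.
    # SRA derived a DES key from it; that step is not reproduced here.
    return hashlib.sha256(secret.to_bytes(24, "big")).digest()


def xor_keystream(key, data):
    """Toy stand-in for DES: XOR with a SHA-256 counter keystream.
    Symmetric, so the same call both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def honest_exchange(seed=1):
    """With nobody in the path, both sides derive the same secret."""
    rng = random.Random(seed)  # seeded for a reproducible demo only
    c_priv, c_pub = keygen(rng)
    s_priv, s_pub = keygen(rng)
    return shared_secret(c_priv, s_pub) == shared_secret(s_priv, c_pub)


def mitm_exchange(seed=2, credentials=CREDENTIALS):
    """Mallory swaps the public values in flight and reads the credentials.

    Returns (what Mallory recovered, what the server decrypted,
             whether client and server ended up holding different keys)."""
    rng = random.Random(seed)
    c_priv, c_pub = keygen(rng)      # client's real key pair
    s_priv, s_pub = keygen(rng)      # server's real key pair
    mc_priv, mc_pub = keygen(rng)    # Mallory's pair facing the client
    ms_priv, ms_pub = keygen(rng)    # Mallory's pair facing the server

    # Client -> [c_pub] -> Mallory -> [ms_pub] -> Server
    # Server -> [s_pub] -> Mallory -> [mc_pub] -> Client
    k_client = session_key(shared_secret(c_priv, mc_pub))    # client believes: server
    k_server = session_key(shared_secret(s_priv, ms_pub))    # server believes: client
    k_m_client = session_key(shared_secret(mc_priv, c_pub))  # equals k_client
    k_m_server = session_key(shared_secret(ms_priv, s_pub))  # equals k_server

    ciphertext = xor_keystream(k_client, credentials)
    recovered = xor_keystream(k_m_client, ciphertext)   # Mallory reads the uid/password
    forwarded = xor_keystream(k_m_server, recovered)    # and re-encrypts for the server
    at_server = xor_keystream(k_server, forwarded)      # server sees a normal login
    return recovered, at_server, k_client != k_server


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    recovered, at_server, split = mitm_exchange()
    print("Mallory recovered:", recovered)
    print("server received:  ", at_server)
    print("client/server keys differ:", split)
```

Nothing in the exchange tells either party whose public value it received, which is why the attack works with any modulus; a larger modulus defeats the passive sniffer that Jeff describes breaking SRA today, but closing the active attack needs authentication of the public values (a pre-shared key, signatures, or a Kerberos-style third party).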
Encrypting telnet w/ NS 3.2?
Hi folks,
I've picked up the encrypting telnet code from MIT, and I'm trying to get
it to work on a NeXT running NextStep 3.2. There is an entry in the
makefile for NextStep 1.0, but it is listed as "untested", and it chokes
and dies when I try to compile it anyway.
Does anyone have this running on their NeXT?
Thanks,
David.