svn commit: r279603 - in head: bin/rcp usr.bin/rlogin usr.bin/rsh
Benjamin Kaduk
bjkfbsd at gmail.com
Thu Mar 5 15:11:46 UTC 2015
On Thu, Mar 5, 2015 at 9:40 AM, Slawa Olhovchenkov <slw at zxy.spb.ru> wrote:
> On Thu, Mar 05, 2015 at 02:20:59PM +0000, David Chisnall wrote:
>
> > Does telnet come with a massive selection of options for insecure login
> / authentication? Yes.
>
> This is may right to use or not to use secure or not secure login /
> authentication.
> Also, I am use telnet login for check kerberos authentication (ssh
> kerberos authentication (SSO) broken 10 years ago. nobody care).
>
Other people are covering the rest of the issues, so I will cover just this
one point.
telnet with kerberos authentication was broken 15 years ago, by the EFF's
Deep Crack and its successors. Kerberized telnet supports only DES, which
has not been secure for a long time. The last I heard, $50 would buy you a
DES key brute-force with a day turnaround.
Speaking as an upstream maintainer: don't use kerberized telnet.
I use kerberized ssh all the time; please tell me more about how it is
broken (a new thread would be best).
-Ben Kaduk
More information about the svn-src-head
mailing list