1994-02-14 - Re: Spread encryption with telnet?

Header Data

From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
To: corbet@stout.atd.ucar.EDU (Jonathan Corbet)
Message Hash: 7a8e2bae895894967662a9e136f1933fc50e251d721bfe5a6a90b7edb3e4d3f7
Message ID: <9402140255.AA14252@acacia.itd.uts.EDU.AU>
Reply To: <199402140135.SAA04509@stout.atd.ucar.EDU>
UTC Datetime: 1994-02-14 03:01:15 UTC
Raw Date: Sun, 13 Feb 94 19:01:15 PST

Raw message

From: mgream@acacia.itd.uts.edu.au (Matthew Gream)
Date: Sun, 13 Feb 94 19:01:15 PST
To: corbet@stout.atd.ucar.EDU (Jonathan Corbet)
Subject: Re: Spread encryption with telnet?
In-Reply-To: <199402140135.SAA04509@stout.atd.ucar.EDU>
Message-ID: <9402140255.AA14252@acacia.itd.uts.EDU.AU>
MIME-Version: 1.0
Content-Type: text/plain



Earlier, Jonathan Corbet wrote:

> It couldn't be very hard to grab a version of telnet and telnetd off the
> net and hack in some sort of encryption of the data stream.  Heck, you
> could just use the vendor's DES library on systems that have it -- perhaps
> not the most aesthetic solution, but easy.  Put in a negotiation option so
> that encryption will be used when both ends support it, and you have
> instant plug-in relatively secure telnet.
>
> Overall, this seems easy and useful enough that I'm amazed that nobody has
> done it yet.  Have I missed something?

Although not widely known, a telnet and telnetd combination of this form
were constructed by Laurie Brown at ADFA during his development of the
LOKI cipher. Draft IETF proposals were also written towards the goal of
these extended telnet options and the negotiation procedure becoming a 
standard.

In practice, it worked fine. One drawback was it required DES/LOKI
keys to be pregenerated and stored online in an analog of /etc/passwd
that the hyper-telnetd would use. The user needed to enter a password
on the telnet before the session started, and as for how the negotiation
procedures worked, I have absolutely no idea. This was some 2 years ago
now and not only are my recollections vague, but at the time I was a
'cryptovirgin' and hence wouldn't know one key exchange from another.

As for availability of this software, I don't think it was made a public
release (I obtained it from though 'other' channels that I would prefer
not to elaborate on -- and it was lost during 'cleansing'). I suggest 
getting in contact with Laurie Brown at Melbourne University, I believe 
thats his current abode. I think I will forward him a note, to satisfy
my own sense of curiosity.

Matthew.

footnote:

The Australian Defence Force Academy (ADFA) is well known for it's
cryptographic school (take a look at AUSCRYPT proceedings). It's a
stepping stone to the Defense Signals Directorate (DSD), our analog
of the NSA, though not _nearly_ as big (they do share SIGINT info
via the UKUSA agreement though). Anyway, since just recently, the
DSD is housed a stones throw from ADFA, which makes for interesting
liasons.

-- 
Matthew Gream. ph: (02)-821-2043. M.Gream@uts.edu.au.
PGPMail and brown paperbags accepted. - Non Servatum -





Thread