From: “James M. Cobb” <jcobb@ahcbsd1.ovnet.com>
To: cypherpunks@toad.com
Message Hash: ef5694a612139eb6642dee6bb811f8985dc042fda8c9700bd3244f0c93996f60
Message ID: <Pine.BSD.3.91.960220133835.13539C@ahcbsd1.ovnet.com>
Reply To: N/A
UTC Datetime: 1996-02-20 21:04:54 UTC
Raw Date: Wed, 21 Feb 1996 05:04:54 +0800
Subject: Internet Privacy Guaranteed
Friend,
(KEY #1)
Date: Mon, 19 Feb 1996 20:01:06 -0500
From: "Perry E. Metzger" <perry@piermont.com>
To: IPG Sales <ipgsales@cyberstation.net>
Cc: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
[snip]
> ...key management makes RSA systems unmanageable for large
> organizations - offer such a system to Merrill Lynch and be
> laughed out of the office....
[snip]
Even private key systems are quite workable. I actually work
with these firms [large organizations] -- it's what I do for a
living. They have existing systems based on KDCs (do you even
know what a KDC is?) and they function just fine. As for public
key technologies, they [large organizations] are in many cases
implementing technologies based on public key system.
[snip]
(KEY #2)
Date: Mon, 19 Feb 1996 20:37:42 -0500
From: "Perry E. Metzger" <perry@piermont.com>
To: IPG Sales <ipgsales@cyberstation.net>
Cc: cypherpunks@toad.com
Subject: Re: Internet Privacy Guaranteed ad (POTP Jr.)
[snip]
IPG Sales writes:
> there is no need in talking in circles - You may think that
> you know everything there is to know about encryption, but
> believe me, there is a lot more for you to learn - I do not
> know what KDC's are,
Key Distribution Centers, the center of Needham-Schroeder and
similar key management protocols, like the Kerberos protocols.
[snip]
(KEY #3)
Date: Tue, 20 Feb 1996 01:28:01 -0700
From: Nelson Minar <nelson@santafe.edu>
To: cypherpunks@toad.com
Subject: breakable session keys in Kerberos v4
I'm a bit surprised this hasn't turned up yet on Cypherpunks. A couple
of forwarded messages: first, an announcement made Fri Feb 16 by Gene
Spafford at COAST about an exploitable flaw they've found in Kerberos,
and then a comment on the www-security list that it is due to a bad
random number generator. Same old story!
The message (lifted from the COAST web site)
[snip]
(a comment I found in reply [to the COAST message])
------- Start of forwarded message -------
From: jis@mit.edu (Jeffrey I. Schiller)
Subject: Re: Kerberos Vulnerability
Newsgroups: hks.lists.www-security
Date: 19 Feb 1996 21:42:08 -0500
Organization: HKS, Inc.
Path: hks.net!news-mail-gateway!owner-www-security
Lines: 8
Sender: root@hks.net
Message-ID: <ad4e9fc40602100421be@[18.162.1.1]>
NNTP-Posting-Host: bb.hks.net
There will be a fix distributed by MIT later this week. The problem is
that the random number generator in V4 is worse than we thought! The
fix is to retrofit the V5 generator (which is decent) into the V4 KDC.
Note: Only the KDC needs to be updated, clients and servers are
unaffected.
-Jeff
------- End of forwarded message -------
(KEY #4)
Kerberos offers a better network security model than ignoring
network security entirely. Unfortunately, it is plagued with
holes, from windows that remain "authenticated" for hours while
the user is at lunch, to passwords that are stored in plain text
on the authentication server.
Page 553 of:
Evi Nemeth, Garth Snyder, Scott Seebass, Trent R Hein.
UNIX System Administration Handbook. Second Edition.
Prentice Hall PTR.
1995.
ISBN: 0 13 151051 7
email: sa-book@admin.com
http://www.admin.com
Cordially,
Jim
NOTE. The above message excerpts are reformatted.