mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-09 16:01:19 +01:00
Add a blurb about SRA-enhanced telnet.
Not-Approved-by: jkh (he said documentation didn't need it)
This commit is contained in:
parent
8425f9e744
commit
228524cb50
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=57208
@ -172,6 +172,16 @@ OpenSSL v0.9.4 (a general-purpose cryptography and SSL2/3/TLSv1 toolkit)
|
||||
has been integrated with the base system. In the future this will be used
|
||||
to provide strong cryptography for FreeBSD utilities out-of-the-box.
|
||||
|
||||
Telnet has a new encrypted authentication mechanism called SRA. SRA
|
||||
uses a Diffie-Hellmen exchange to establish a session key, then uses
|
||||
that to DES encrypt the username and password. As a side effect the
|
||||
session key is used to DES encrypt the session. SRA is vulnerable to
|
||||
man-in-the-middle attacks, the DH parameters are on the small side,
|
||||
and DES is showing its age, but the benefits are that it requires
|
||||
absolutely no administrative changes to the machine to work, and is
|
||||
at the very least a step up from plaintext. To use it, you need to
|
||||
either use "telnet -ax" or set up a .telnetrc to enable it by default.
|
||||
|
||||
1.3. USERLAND CHANGES
|
||||
---------------------
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user