How about a workshop on "security and privacy"? I guess it will
clarify the concepts of getting passwords by launching DoS attacks, and
the "Kerberos-like setup" for email services can be discussed in
great detail.

Cheers
Nitesh Mor


---------- Forwarded message ----------
From: Subhashis Banerjee <[email protected]>
Date: Tue, May 4, 2010 at 7:33 AM
Subject: Re: [...@iitd:7429] mail crack-in: time for kerberos like setup
To: NITESH MOR <[email protected]>


Nitesh,
Why don't you tell them to hold a workshop on ``security and privacy''
- perhaps to celebrate the  end of the current semester or the
beginning of the new semester in July. The CSC will be happy to help
and discuss/explain SSL, TLS, Kerberos, Radius, TKIP/AES, NTLM,
MD5,....(we are, after all, using the whole lot) and perhaps also MAC
and ARP. You can ask some CSE/EE students and faculty to also
contribute.

Maybe the IITD community needs such a workshop; others are also
welcome (the more the merrier).

cheers,


Subhashis Banerjee
Professor
Dept. Computer Science and Engineering
Indian Institute of Technology, New Delhi 110016, INDIA

Office:          +91 11 26591288
Fax:             +91 11 26581060, +91 11 26582283
Email:           [email protected]
URL:             http://www.cse.iitd.ernet.in/~suban


On 04/05/10 1:28 AM, nitesh mor wrote:
>
> On Tue, May 4, 2010 at 12:57 AM, Sharad Birmiwal
> <[email protected]>  wrote:
>
>>>>
>>>> Radius is generally used for 802.1x authentications, which does not
>>>> seem to be relevant in any way to authentication for a web service.
>>>>
>>>
>>> You see chance, I see cause ....
>>> a Lightweight Kerberos... a small tilt in the tale .. will bring the light.
>>> Jan 1, 2011 lets hope the day will bring your mail in your 'box' only.
>>>
>>
>> http://en.wikipedia.org/wiki/RADIUS#Security_2
>>
>> The way I understand things is that RADIUS does not offer encryption
>> (for payload or bulk of data). That's where this conversation started
>> from (http/https). It is used for authorization (in our context). That
>> means validating whether the given username/password are correct or
>> not.
>>
>> RADIUS can be (is?) used for authenticating and accounting say for
>> users who connect to a wireless service. Again, it does not manage
>> encryption of the traffic afterwards.
>>
>> As Nitesh suggested earlier, TLS might be better supported for what
>> you want -- I don't know anything about TLS but I am guessing what
>> Nitesh meant was that in TLS, both server and client negotiate which
>> encryption standard they want to use (much like ssh).
>>
>
> Exactly. During the negotiation phase, the client sends a list of
> cipher specs that are supported by the client, with the client's first
> preference first.
> For the list of cipher suites that are defined by the standard, visit
> http://tools.ietf.org/html/rfc2246#appendix-A.5
> The server replies with an acceptable cipher suite, from the ones that
> the client has sent, otherwise sends a failure message.
>
> For details: http://tools.ietf.org/html/rfc2246
>
> And BTW, the MAC address (which is used by RADIUS for authentication,
> the so-called hardware address) is a link layer thingie, which has no
> significance beyond your router.
>
> Cheers
> Nitesh Mor
>
>
>>
>> SB
>>
>> --
>> l...@iitd - http://tinyurl.com/ycueutm
>>
>>
>
>

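The cipher suite negotiation that Nitesh describes in the quoted reply (client offers a list in its preference order, server answers with one of them or fails the handshake) is easy to model. The following is an added example, not code from anyone on the thread; it builds no real TLS records, only the cipher_suites field of a ClientHello and the server's decision. The suite names and code points are a small subset of RFC 2246 appendix A.5; the `honor_client_order` switch is an assumption added to show the difference between letting the client's order win (as in the reply) and letting the server's order win.

```python
"""Toy model of TLS 1.0 cipher-suite negotiation (RFC 2246, section 7.4.1.2).

Constructed example: a ClientHello carries the client's cipher suites in
preference order; the server answers with one of them in its ServerHello
or aborts the handshake with a handshake_failure alert.
"""

# Cipher suite code points from RFC 2246 appendix A.5 (small subset).
CIPHER_SUITES = {
    "TLS_RSA_WITH_NULL_MD5": 0x0001,           # authentication only, no confidentiality
    "TLS_RSA_WITH_NULL_SHA": 0x0002,           # authentication only, no confidentiality
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": 0x0016,
}
SUITE_NAMES = {code: name for name, code in CIPHER_SUITES.items()}


def client_hello(preferences):
    """Build the cipher_suites field of a ClientHello, first preference first."""
    return {"msg": "client_hello",
            "cipher_suites": [CIPHER_SUITES[name] for name in preferences]}


def server_hello(hello, server_supported, honor_client_order=True):
    """Pick one suite the client offered, or fail the handshake.

    server_supported is the server's own list in its preference order.
    honor_client_order (assumed switch, not an RFC field): when True the
    client's ordering decides, as described in the thread; when False the
    server's ordering decides, which keeps a server from being talked into
    the client's favourite suite when it has a stronger one in common.
    """
    offered = hello["cipher_suites"]
    supported = [CIPHER_SUITES[name] for name in server_supported]
    primary, secondary = (offered, supported) if honor_client_order else (supported, offered)
    for code in primary:
        if code in secondary:
            return {"msg": "server_hello", "cipher_suite": code}
    # RFC 2246: if no acceptable choice exists, the server returns a
    # handshake_failure alert and closes the connection.
    return {"msg": "alert", "description": "handshake_failure"}


def negotiate(client_preferences, server_supported, honor_client_order=True):
    """Run both halves of the exchange; return the agreed suite name or None."""
    reply = server_hello(client_hello(client_preferences), server_supported,
                         honor_client_order)
    if reply["msg"] != "server_hello":
        return None
    return SUITE_NAMES[reply["cipher_suite"]]


if __name__ == "__main__":
    client = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
    server = ["TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"]
    print("client order wins:", negotiate(client, server))
    print("server order wins:", negotiate(client, server, honor_client_order=False))
    print("only NULL suites offered:",
          negotiate(["TLS_RSA_WITH_NULL_MD5"], ["TLS_RSA_WITH_3DES_EDE_CBC_SHA"]))
```

Run it directly to see the three cases: the same pair of lists yields RC4 when the client's order is honoured and 3DES when the server's is, and a client that offers only NULL-cipher suites to a server that does not support them gets no suite at all (the alert case).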
