On Wed, Nov 28, 2001 at 04:37:30PM +0000, Donn Cave wrote:
> Quoth Tns Bker <[EMAIL PROTECTED]>:
>
> | as I read from the Kerberos documentation the kerberized version of telnet can
> | use an encrypted mode.
> |
> | Does that mean, that all the traffic, that travels over that connection is
> | encypted? Or does it mean, that only passwords are encrypted?
> |
> | Is such a telnet connection as 'secure' as an ssh or ssl encrypted connection?
>
> More secure. Kerberos telnet doesn't send any password at all, encrypted
> or not. SSL can encrypt your password across the network, but at the other
> end you just have to trust the remote host.
The SSH w/ GSS-API protocol, while it's still only a draft, would be more secure still. Among other things, the SSH vendors are adding keystroke and su(1M) signature analysis defeating features. And the SSH w/GSS-API proposal uses a GSS-protected Diffie-Hellman key exchange to generate session keys, which is better than raw Kerberos authentication because you get "perfect forward security", meaning that a snooper who records an encrypted session and later obtains access to, say, the service's Kerberos key, or steals the client's service ticket, cannot decrypt the snooped session.

Mind you, keystroke analysis attacks are probably not very common at this time and require plenty of snooping. As such keystroke analysis attacks are not too worrisome in switched intranets; similarly with respect to perfect forward security. Still, you asked :)

Patches exist for OpenSSH that implement SSH w/ GSS-API and Kerberos.

Keystroke analysis attacks affect all encrypted session protocols that are used in an interactive manner. And they affect protocols where passwords are not needed, because the user might be prompted for passwords by unrelated tools (e.g., su(1M), sudo, etc...) and those tools generally do not echo back the password, and the session encryption programs cannot detect the use of such tools. But a snooper can detect un-echoed typing by the pattern of packets sent and then she can use the inter-keystroke timing to reduce the search space in guessing the user's passwords...

> Donn Cave, [EMAIL PROTECTED]

Cheers,

Nico
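The contrast Nico draws above, a session key carried inside a Kerberos ticket versus one derived from a GSS-authenticated Diffie-Hellman exchange, as an added toy model that is not part of this thread or of any SSH or Kerberos implementation. The DH group, the XOR "cipher" and the sample session traffic are constructed for readability only; the point is what a recorded transcript gives away once the service's long-term key leaks.

```python
import hashlib
import hmac
import secrets
from itertools import cycle

# Toy DH group: prime 2**255 - 19 with generator 2, chosen for readability
# only (constructed); a real exchange uses a standard group of >= 2048 bits.
P = 2**255 - 19
G = 2
SECRET_DATA = b"cat /etc/krb5.keytab"  # constructed sample session traffic


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a hash-derived stream; encrypt == decrypt."""
    return bytes(a ^ b for a, b in zip(data, cycle(hashlib.sha256(key).digest())))


def kerberos_style_session(service_key: bytes) -> dict:
    """KDC mints a session key and wraps it in a ticket under the service's
    long-term key. Returns what a passive snooper would record off the wire."""
    session_key = secrets.token_bytes(32)
    ticket = keystream_xor(service_key, session_key)
    return {"ticket": ticket, "data": keystream_xor(session_key, SECRET_DATA)}


def gss_dh_session(service_key: bytes) -> dict:
    """Ephemeral DH: the service's long-term key only authenticates the public
    values (a GSS MIC). Exponents a and b are discarded when this returns."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    mic = hmac.new(service_key, f"{pub_a}:{pub_b}".encode(), "sha256").digest()
    assert pow(pub_b, a, P) == pow(pub_a, b, P)  # both sides derive the same secret
    session_key = hashlib.sha256(str(pow(pub_a, b, P)).encode()).digest()
    return {"pub_a": pub_a, "pub_b": pub_b, "mic": mic,
            "data": keystream_xor(session_key, SECRET_DATA)}


def later_compromise(recording: dict, service_key: bytes):
    """The snooper later obtains the service's long-term key and revisits the
    recording. Returns the recovered plaintext, or None if the key does not help."""
    if "ticket" in recording:  # Kerberos: the ticket yields the session key
        session_key = keystream_xor(service_key, recording["ticket"])
        return keystream_xor(session_key, recording["data"])
    # DH transcript: the key confirms who sent the public values, but without
    # an exponent the shared secret (hence the session key) stays unreachable.
    msg = f"{recording['pub_a']}:{recording['pub_b']}".encode()
    expected = hmac.new(service_key, msg, "sha256").digest()
    assert hmac.compare_digest(recording["mic"], expected)  # authenticity only
    return None
```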
