In article <[EMAIL PROTECTED]>, =?iso-8859-1?Q?T=F6ns=20B=FCker?= <[EMAIL PROTECTED]> wrote: : : Hi *, : : as I read from the Kerberos documentation the kerberized version of telnet can : use an encrypted mode. : : Does that mean, that all the traffic, that travels over that connection is : encypted? Or does it mean, that only passwords are encrypted?
The MIT Kerberos 5 Telnet implementation provides single DES encryption of all traffic but does not provide any integrity protection for the data. The implementation in the SRP distribution uses TLS to provide for data encryption and integrity protection using any desired cipher suite including Anonymous-Diffie-Hellman based key exchanges. The Kerberos 5 authentication is then used to provide mutual authentication and verification that the TLS key exchange is free from a Man in the Middle attack. I would consider this combination of TLS using ADH-AES256-SHA and Kerberos 5 to be as strong as anything that can be provided. Jeffrey Altman * Sr.Software Designer C-Kermit 8.0 Beta available The Kermit Project @ Columbia University includes Secure Telnet and FTP http://www.kermit-project.org/ using Kerberos, SRP, and [EMAIL PROTECTED] OpenSSL. SSH soon to follow.
