On Thu, Jul 14, 2005 at 09:28:07AM -0700, Jonathan Lassoff wrote:
> Why not just have a challenge and response design like Andrew Bates
> suggested. For example, what if the server sent a challenge string,
I don't see a problem with challenge/response, since there's no obscured message there. The only issue I see is that you aren't protecting the session, so after you authenticate, someone closer/stronger than you could insert malicious commands into the stream. I've seen details of man-in-the-middle exploits on the Internet where commands were inserted in a telnet stream without the connecting station knowing by syncing up sequence numbers and the like. IPsec AH would prevent this. SSH might, if it signs the content with encryption none, but my suspicion is that it doesn't, that it only beats telnet for this purpose by virtue of allowing more advanced authentication mechanisms.

Bob N2KGO
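Added example, not part of the original message: a Python sketch of the point made above, in which a challenge/response login is followed by a keyed tag and sequence number on every cleartext command, so that inserted or replayed commands are rejected. The function names, frame layout, sample secret and commands are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # size of an HMAC-SHA256 tag

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def respond(secret: bytes, challenge: bytes) -> bytes:
    """Login response; the shared secret itself never crosses the link."""
    return _mac(secret, b"auth" + challenge)

def session_key(secret: bytes, challenge: bytes) -> bytes:
    """MAC key tied to this challenge, so tags from an old session do not verify."""
    return _mac(secret, b"session" + challenge)

def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Cleartext command followed by a tag over (sequence number, command)."""
    return command + _mac(key, struct.pack(">Q", seq) + command)

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 0

    def accept(self, frame: bytes):
        """Return the command if the tag matches the next sequence number, else None."""
        if len(frame) < TAG_LEN:
            return None
        command, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = _mac(self.key, struct.pack(">Q", self.expected_seq) + command)
        if not hmac.compare_digest(tag, good):
            return None
        self.expected_seq += 1
        return command

def demo():
    secret = b"constructed-shared-secret"      # constructed sample value
    challenge = os.urandom(16)                 # sent by the server at login
    key = session_key(secret, challenge)
    rx = Receiver(key)
    first = seal(key, 0, b"status")            # constructed sample command
    return [
        rx.accept(first),                          # genuine command
        rx.accept(b"shutdown" + b"\x00" * TAG_LEN),  # inserted without the key
        rx.accept(first),                          # replay of an earlier frame
        rx.accept(seal(key, 1, b"beacon on")),     # next genuine command
    ]
```

The commands stay readable on the wire; only their origin and order are checked, which is the property the message attributes to IPsec AH.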
