[39871] in North American Network Operators' Group


Re: 'we should all be uncomfortable with the extent to which luck ..'

daemon@ATHENA.MIT.EDU (Majdi S. Abbas)
Wed Jul 25 17:19:27 2001

Date: Wed, 25 Jul 2001 14:09:44 -0700
From: "Majdi S. Abbas" <msa@samurai.sfo.dead-dog.com>
To: nanog@merit.edu
Message-ID: <20010725140944.A28671@samurai.sfo.dead-dog.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010725144544.A1975@akamai.com>; from dshaw@jabberwocky.com on Wed, Jul 25, 2001 at 02:45:44PM -0400
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, Jul 25, 2001 at 02:45:44PM -0400, David Shaw wrote:
> telnetd is not inherently bad.  It is a tool that is lacking the
> session encryption and strong authentication features of SSH, but is
> still useful in some cases.  Like any tool it can be used poorly, but
> that is not the fault of the tool.

	Agreed.

> For example, when traveling, I can log in securely from any random
> Internet cafe using OPIE or S/Key one-time passwords via telnet.  SSH
> requires that you trust your local machine, and OPIE assumes that you
> don't.

	Incorrect.  OPIE assumes complete trust of your local machine,
but not the network.  You still have to generate the hashes using your
password.

	--msa
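
The one-time-password exchange discussed in this message, as an added example that is not part of the original post: a simplified S/Key/OPIE-style hash chain showing where the passphrase is used and what crosses the network. It assumes SHA-256 truncated to 64 bits in place of the real OPIE hash and word encoding; `step`, `otp`, `Server` and `demo` are hypothetical names, and the seed and passphrase are constructed.

```python
import hashlib


def step(value: bytes) -> bytes:
    """One hash iteration, truncated to 64 bits (simplified stand-in)."""
    return hashlib.sha256(value).digest()[:8]


def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Client side: the secret passphrase is an input on the machine
    that computes the response; only the result is sent."""
    value = step((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = step(value)
    return value


class Server:
    """Holds the last accepted response and a counter, never the passphrase."""

    def __init__(self, seed: str, count: int, initial: bytes):
        self.seed, self.count, self.stored = seed, count, initial

    def challenge(self):
        # Ask for the chain value one step before the stored one.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count < 1:                  # chain exhausted, must re-initialise
            return False
        if step(response) != self.stored:   # hashing forward must hit stored value
            return False
        self.stored = response              # each response is accepted only once
        self.count -= 1
        return True


def demo():
    secret = "constructed passphrase"       # constructed sample, typed locally
    server = Server("ke1234", 5, otp(secret, "ke1234", 5))
    n, seed = server.challenge()
    response = otp(secret, seed, n)         # computed where the secret is entered
    first = server.verify(response)
    replay = server.verify(response)        # same bytes captured off the wire
    n2, _ = server.challenge()
    second = server.verify(otp(secret, seed, n2))
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```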
