[443] in Kerberos_V5_Development
Re: Kerberized Telnet (A warning)
daemon@ATHENA.MIT.EDU (Paul Borman)
Sat Nov 17 16:42:16 1990
Date: Sat, 17 Nov 1990 15:42:20 CST -0600
From: Paul Borman <prb@krystal.cray.com>
To: bcn@cs.washington.edu
Cc: krbdev@ATHENA.MIT.EDU
Well, I would guess that if an attacker knows EXACTLY what you are sending
when in your data stream, it wasn't much use to do the encryption in the
first place. He can probably adjust the output of the motd, if he knows
what system you are logging into, but after that it would be pretty hard
to do anything unless he knows how to break DES. Anyhow, the protocol
allows for multiple encryption types. I am sure the old "encrypt each
byte with a block encryption and ship 8 times the data mode" will at some
point be introduced.
-Paul
