From: M Taylor <mctylr@privacy.nb.ca>
To: Tim Neu <tim@tneu.visi.com>
Cc: Linux-Hams <linux-hams@vger.kernel.org>
Subject: Re: axspawn and security on the air
Date: Wed, 28 May 2003 17:00:55 +0100 [thread overview]
Message-ID: <20030528170055.A21230@pull.privacy.nb.ca> (raw)
In-Reply-To: <20030528150112.GA19391@leo.tneu.visi.com>; from tim@tneu.visi.com on Wed, May 28, 2003 at 10:01:12AM -0500
On Wed, May 28, 2003 at 10:01:12AM -0500, Tim Neu wrote:
> On Wed, May 28, 2003 at 09:38:18AM -0500, J. Lance Cotton wrote:
> > The background to my question is this: If I leave the password for an admin
> > user blank, some rogue user could easily change their TNC to use an admin
> > callsign and wreak havoc. If I require a password for user login, the
> > password is transmitted plaintext, right? Same situation as before.
> >
> > This machine will hopefully, eventually be connected to the Internet, where
> > ssh connections are more bandwidth-appropriate, but I want to have the
>
> A number of other programs use a math challenge.
>
> There may be other ways of using one-time passwords.
Public Key cryptography (PKC) that uses DSA (digital signature
algorithm) rather than RSA for authenication, with no (bulk) transport
encryption may be within the spirit of not obscuring the message,
as DSA is designed to be usable for digital signatures, not for
(message) encryption there is little chance that such packets
are possibly anything else.
So ssh with DSA public keys, and no (NULL) transport encryption may
fall within allowable by the rules of FCC (and perhaps other countries).
You may need to recompile openssh/openssl to enable NULL encryption.
I have not had time to take this to RAC and Industry Canada for guidence
for use in Canada.
The safest method that should is legal is to use a one-time password
method, there are some debain packages available (maybe named S/Key).
You send the password in the clear, but after it is used, it is not
longer valid. The next time you would login using the next password
from either a calculator or from a pre-generated list.
-ve1mct
next prev parent reply other threads:[~2003-05-28 16:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-28 14:38 axspawn and security on the air J. Lance Cotton
2003-05-28 15:01 ` Tim Neu
2003-05-28 15:09 ` J. Lance Cotton
2003-05-28 15:15 ` Tim Neu
2003-05-28 15:19 ` J. Lance Cotton
2003-05-28 16:00 ` M Taylor [this message]
2003-05-28 16:01 ` Thomas Osterried
2003-05-28 22:24 ` Ken Koster
2003-05-28 22:49 ` Steve Fraser
2003-06-04 18:46 ` Again TNOS Marco iw7eas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030528170055.A21230@pull.privacy.nb.ca \
--to=mctylr@privacy.nb.ca \
--cc=linux-hams@vger.kernel.org \
--cc=tim@tneu.visi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.