From owner-securedistros@nl.linux.org Tue Aug  1 00:37:42 2000
Date:   Mon, 31 Jul 2000 17:37:40 -0500
To:     securedistros@nl.linux.org
From:   Rick Smith <rick_smith@securecomputing.com>
Subject: Re: some requirements


>Andreas Jellinghaus <aj@dungeon.inka.de> wrote:

> >    nearly no server allows authentication via ssl certificate.
> >    also nearly no server allows the server key be encrypted with
> >    a password, and the certificate in an extra file. apache is fine,
> >    but stunnel/sslwrap/... ?

At 02:14 AM 7/28/00, Tom Vogt wrote:

>wasn't s/key made for this?

You're probably thinking of Encrypted Key Exchange (EKE) in which a private 
key is encrypted using a shared secret password as the encryption key. 
There have been several improvements proposed by various researchers. I'm 
not sure which, if any, are actually in use, tho' I've heard it said that a 
few universities use such a thing to distribute private keys from a central 
server.

S/Key provides a way of using /etc/passwd to implement (relatively) 
simple challenge response passwords. Unix stores the last of a series of 
hashes derived from the text password. Login prompts the user with the 
number of hash operations performed (the "challenge"). The user feeds the 
number to an s/key client, along with the text password. The client 
generates a one time password that, when hashed one more time by login, 
will match the value stored in /etc/passwd. If they match, the hash count 
gets decremented and the newly received hash value replaces the old one.

I don't see an obvious way of making the two work together.

Rick.
smith@securecomputing.com     roseville, minnesota

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
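
Added example, not part of Rick Smith's message and not code from any S/Key implementation: the hash-chain login he describes, sketched in Python. SHA-256 cut to 64 bits stands in for S/Key's own hash, and the seed, the class and function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Stand-in one-way function (assumption): SHA-256 cut to 64 bits.
    return hashlib.sha256(data).digest()[:8]

def chain(password: str, seed: str, n: int) -> bytes:
    """Hash seed+password n times; n=0 would be the raw secret itself."""
    value = (seed + password).encode()
    for _ in range(n):
        value = h(value)
    return value

class Server:
    """Holds only the last hash of the series and the hash count."""
    def __init__(self, password: str, seed: str, count: int):
        self.seed, self.count = seed, count
        self.stored = chain(password, seed, count)

    def challenge(self):
        # The prompt: how many hash operations the client must perform.
        if self.count <= 1:
            raise RuntimeError("hash chain used up; a new series is needed")
        return self.count - 1, self.seed

    def verify(self, otp: bytes) -> bool:
        # Hash the received value once more and compare with the stored one.
        if self.count <= 1 or not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp      # the received hash replaces the old one
        self.count -= 1        # and the hash count is decremented
        return True

def client_response(password: str, seed: str, n: int) -> bytes:
    # What the s/key client computes from the challenge and the text password.
    return chain(password, seed, n)

def demo():
    srv = Server("constructed-password", "ke1234", 5)   # constructed values
    n, seed = srv.challenge()
    otp = client_response("constructed-password", seed, n)
    first = srv.verify(otp)
    replay = srv.verify(otp)     # a captured one-time password is useless
    return first, replay, srv.count

if __name__ == "__main__":
    print(demo())
```

The server refuses to go below a count of 1 because the next response in the series would be the unhashed secret.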

From owner-securedistros@nl.linux.org Tue Aug  1 08:40:29 2000
Date:   Tue, 1 Aug 2000 08:25:44 +0200
From:   Tom Vogt <tom@lemuria.org>
To:     securedistros@nl.linux.org
Subject: Re: some requirements

Rick Smith <rick_smith@securecomputing.com> wrote:
> S/Key provides a way of using /etc/passwd to implement (relatively) 
> simple challenge response passwords. Unix stores the last of a series of 
> hashes derived from the text password. Login prompts the user with the 
[...]

obviously, I need to correct my knowledge about s/key. thanks for the short
summary.


-- 
"The net treats censorship as a malfunction and re-routes around it."
(John Gilmore)

From owner-securedistros@nl.linux.org Tue Aug  1 15:27:10 2000
From:   "darian" <darian5@friko5.onet.pl>
To:     <securedistros@nl.linux.org>
Subject: How can I unsubscribe?
Date:   Tue, 1 Aug 2000 15:26:57 +0200

Thank you


From owner-securedistros@nl.linux.org Wed Aug  2 06:23:24 2000
Date:   Wed, 2 Aug 2000 08:20:47 +0400
From:   Oleg Malych <nautical@krls.ru>
Organization: OAO KrasnogorskLekSredstva
To:     darian <securedistros@nl.linux.org>
Subject: Re: How can I unsubscribe?

Yes



From owner-securedistros@nl.linux.org Thu Aug  3 17:38:23 2000
Date:   Thu, 3 Aug 2000 10:37:49 -0500 (CDT)
From:   Lorenzo Pesce <fish@chem.nwu.edu>
To:     securedistros@nl.linux.org
Subject: How can I unsubscribe?

thanks
 Lorenzo


From owner-securedistros@nl.linux.org Mon Aug  7 21:39:34 2000
To:     securedistros@nl.linux.org
Subject: DEFCON
Date:   Mon,  7 Aug 2000 12:05:10 -0700 (PDT)
From:   don@research-cistw.saic.com (Don)

It may interest some of you to know that at this year's DEFCON capture the
flag contest, a linux server whose kernel was modified to include a form of
mandatory access control was entered, and attackers were intentionally allowed
to bust a root shell. The gory details are at
http://www.subterrain.net/~palante/defcon8.html. Most of it will probably
not interest you, but there is a link to the project page...

