Subject: | |
From: | |
Reply To: | |
Date: | Wed, 7 Feb 1996 16:12:28 GMT |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Mark Bixby ([log in to unmask]) wrote:
: In talking about network security here, we wondered if HP 3000 logons over a
: network via NS/VT transmitted the passwords typed by the user in unsecure,
: sniffable clear text similar to the way telnet does it.
In a word, yes.
: I advised taking the paranoid position of assuming clear text. But then I
: wondered, maybe NS/VT is smart enough to recognize that display echo has
: been turned off and that a password is being requested (i.e. "ENTER USER
: PASSWORD:", not HELLO FOO/PASS.BAR), and so perhaps it might perform some
: encryption. Yes? No?
A wise assumption. So far as I know, VT hasn't been changed to do
encryption. At least it didn't when I supported it, and I haven't heard
of anyone adding it lately.
For what it's worth, it's MPE not NS/VT that knows to turn the echo off
and do the "Enter User Password" thing. VT is essentially a transparent
driver.
cas caswell
--
=======================================================================
[log in to unmask] (Cas Caswell) By the way: I said it, not my company.
=======================================================================
|
|
|