Mark Bixby ([log in to unmask]) wrote:
: In talking about network security here, we wondered if HP 3000 logons over a
: network via NS/VT transmitted the passwords typed by the user in unsecure,
: sniffable clear text similar to the way telnet does it.
 
In a word, yes.
 
: I advised taking the paranoid position of assuming clear text.  But then I
: wondered, maybe NS/VT is smart enough to recognize that display echo has
: been turned off and that a password is being requested (i.e. "ENTER USER
: PASSWORD:", not HELLO FOO/PASS.BAR), and so perhaps it might perform some
: encryption.  Yes?  No?
 
 A wise assumption. So far as I know, VT hasn't been changed to do
 encryption. At least it didn't when I supported it, and I haven't heard
 of anyone adding it lately.
 
 For what it's worth, it's MPE not NS/VT that knows to turn the echo off
 and do the "Enter User Password" thing. VT is essentially a transparent
 driver.
 
cas caswell
 
--
=======================================================================
[log in to unmask] (Cas Caswell)   By the way: I said it, not my company.
 =======================================================================