At  4:58 PM 2/6/96 -0800, Mark Bixby wrote:
>In talking about network security here, we wondered if HP 3000 logons over a
>network via NS/VT transmitted the passwords typed by the user in unsecure,
>sniffable clear text similar to the way telnet does it.
 
Yes, all data over NS/VT is sent in clear text. This includes passwords.
 
Pending some change to this, before providing logon access to our 3000s
over the Internet, I'm writing a program that's invoked by a logon UDC to
prevent unauthorized access. It issues a challenge that needs to be entered
into a program on a programmable calculator in order to compute a response.
Messy and inconvenient, but it should take care of the problem until
something better comes along.
 
I'm not sure it's appropriate for a college setting, but you're welcome to
it if you want it. The calculator program runs on an HP48S/SX/G/GX but can
easily be converted to run on something else that does binary arithmetic
(e.g., a 16C).
 
-- Bruce
 
---------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
[log in to unmask]                 |     -- Edna St. Vincent Millay