Subject: | |
From: | |
Reply To: | |
Date: | Wed, 7 Feb 1996 08:33:21 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
At 4:58 PM 2/6/96 -0800, Mark Bixby wrote:
>In talking about network security here, we wondered if HP 3000 logons over a
>network via NS/VT transmitted the passwords typed by the user in unsecure,
>sniffable clear text similar to the way telnet does it.
Yes, all data over NS/VT is sent in clear text. This includes passwords.
Pending some change to this, before providing logon access to our 3000s
over the Internet, I'm writing a program that's invoked by a logon UDC to
prevent unauthorized access. It issues a challenge that needs to be entered
into a program on a programmable calculator in order to compute a response.
Messy and inconvenient, but it should take care of the problem until
something better comes along.
I'm not sure it's appropriate for a college setting, but you're welcome to
it if you want it. The calculator program runs on an HP48S/SX/G/GX but can
easily be converted to run on something else that does binary arithmetic
(e.g., a 16C).
-- Bruce
---------------------------------------------------------------------------
Bruce Toback Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc. (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142 | But ah, my foes, and oh, my friends -
Phoenix AZ 85028 | It gives a lovely light.
[log in to unmask] | -- Edna St. Vincent Millay
|
|
|