Open Source and information security mailing list archives
 
From: lists at ktabic.co.uk (ktabic)
Subject: Re: Re: Re: open telnet port

On Thu, 2004-09-09 at 14:39 +0100, Dave Ewart wrote:
> > How about, as a service to enable as you are updating SSH remotely
> > from the other side of the country to fix the most recent
> > security problem and need a backup system to get into the server in
> > the event that something goes wrong?

> Given that, in the above description, you're basically advocating that
> your *only* use of Telnet would be to send the root password across the
> 'net to troubleshoot SSH :-)
> 
Given that above description, there is no mention of anybody sending
anything that even looks like a password over the net in plain text.
Of course, most people would be, but not everyone.
You are also presuming that the root account even requires logging in,
which is also not necessary.
There is nothing wrong with plain text at all, in most circumstances.
It's just that *everyone* has presumed that passwords that are a) reused
for the next session, and b) the root one, will be sent in plain text.
Of course, if you know you are sending in plain text, you take steps to
make sure that nothing critical is transmitted in the first place,
which, imho, is a better situation than relying totally on the fact you
are encrypted, which may or may not be true.

