lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1098271730.7482.13.camel@www.bsrf.org.uk>
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: Sending remote procedure calls through
	e-mail (RPC-Mail)

Few points to note on this idea,
Encryption? you didn't mention it I hope you considered it though. This
detracts from the simplicity as the user will have to setup this
alongside their mail client.

Speed, email is much slower and less reliable than port-knocking. (You
have to rely on more than just the box your accessing being up, all the
intermittent email servers must be playing the game too)

IMO if the port knocking is to, say for example, open up a remote shell.
We could alias the command ssh on the users machine to a script which
runs the port-knocking command before executing ssh making the process
completely transparent to the end user.

It's as you point out a matter of convenience however I'm sure running
one command is more convenient than.....
1. Fire up the email client
2. Type the email address and message, ensuring to type the passphrase
and encrypt the mail.
3. send the mail
4. Wait a comparatively long time for a confirmation reply.

With the portknocking method if the server is down you will be notified,
how will your email server tell you this? as in your example the command
is only acted upon when the receiving server checks for incoming mail.
Or are you going to add notification of unread mail to the email server,
adding more complexity and another failure point to the mechanism.

It is a fairly good idea and I've seen it implemented before, I also did
a similar thing over IRC as an experiment which worked pretty well.

However I don't think it beats port-knocking on reliability, speed or
security, Which I consider important aspects of this kind of technology.

Kindest Regards

-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041020/c1ea1be5/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ