Vulnerability Development mailing list archives

Re: Reachout 8.4x

From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Mon, 10 Apr 2000 19:06:34 -0700


* Chris Smith <chris () AMGROUPADMIN COM> [000410 18:57]:

to the recent issues with PCAnywhere 9 and Netopia's
Timbuktu Pro sending either completely cleartext or weakly
encrypted usernames and password using a simple
mathematical formula to en/decrypt.  I am wondering if


I am a little curious why these companies don't use Diffie-Hellman to
generate a session key for use with tripleDES or IDEA or ... and encrypt
*eveyrthing*, saving themselves a lot of hassle in the meantime.

Does anyone have reasons why this hasn't been done? (And if Symantec et
al do wish to implement it, could they give me some royalties? :)

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help

Current thread:

Reachout 8.4x Chris Smith (Apr 10)
- Re: Reachout 8.4x Seth R Arnold (Apr 10)
  - Re: Reachout 8.4x Alex Martin (Apr 11)
    - Re: Reachout 8.4x Kev (Apr 12)
    - Re: Reachout 8.4x David Schwartz (Apr 12)
    - Re: Reachout 8.4x Wooding, Kjell (Apr 12)
    - Re: Reachout 8.4x Crispin Cowan (Apr 12)
  - Re: Reachout 8.4x rpc (Apr 12)