[RC5] Security risks?

Peter Cordes peter at llama.nslug.ns.ca
Wed Jan 17 20:50:46 EST 2001

On Wed, Jan 17, 2001 at 07:19:33PM -0500, Greg Wooledge wrote:
> Peter Cordes (peter at llama.nslug.ns.ca) wrote:
> > dnetc can talk to keyservers on port 80, or even operate
> > through an http proxy, if necessary.  If you need a password for the proxy,
> > dnetc stores it encrypted in the config file.
> Of course, if you use a password to talk to a web proxy, the password is
> sent unencrypted over the network....

 Yes, of course.  Plaintext over a company intranet is a whole lot better
than plain text letters on your screen that can be read by a casual observer
(accidentally or otherwise.)

> (HTTP authentication uses base64
> to "encode" the username and password.  This is not encryption at all, and
> can be trivially "decoded".)

 Oh, yeah, now I remember.  IIRC, the string in the config file is
actually the base64 encoding.  It is sent to the server as is.  I remember
noticing that last summer, but I'd forgotten until this reminded me. I hacked
some code to see if I could tell the squid to CONNECT to my home
computer's https port.  I could, and of course CONNECT allows arbitrary
two-way data exchange, so it would have been quite possible to
tunnel an ssh connection through the firewall, so I could check my home
email and get at files on my home computer while I was at work.  I didn't
bother actually doing it, since it was only a summer job.  The jerks didn't
let me run Linux, so it would have been a big PITA to do anything useful.

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter at llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
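
The point made in this exchange, that HTTP Basic proxy credentials are only base64-encoded, shown as an added example that is not part of the original post and is not dnetc code. The host name, user name, password and function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: a CONNECT request as a client would send it to an HTTP
# proxy. Host, user name and password are made up for this example.
SAMPLE_REQUEST = (
    b"CONNECT keyserver.example:443 HTTP/1.0\r\n"
    b"Host: keyserver.example:443\r\n"
    b"Proxy-Authorization: Basic "
    + base64.b64encode(b"alice:s3cret:with:colons")
    + b"\r\n\r\n"
)


def parse_headers(raw: bytes) -> dict:
    """Return the request headers with lower-cased names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_proxy_auth(raw: bytes) -> dict:
    """Report what anyone who sees this request learns by decoding alone."""
    value = parse_headers(raw).get("proxy-authorization")
    if value is None:
        return {"scheme": None, "cleartext": False}
    scheme, _, token = value.partition(" ")
    scheme = scheme.lower()  # auth scheme names are case-insensitive
    if scheme != "basic":
        # Other schemes do not carry a base64 copy of the password.
        return {"scheme": scheme, "cleartext": False}
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return {"scheme": "basic", "cleartext": False, "error": "bad base64"}
    # Only the first colon separates the fields; the password may contain more.
    user, sep, password = decoded.decode("latin-1").partition(":")
    if not sep:
        return {"scheme": "basic", "cleartext": False, "error": "no colon"}
    return {"scheme": "basic", "cleartext": True,
            "user": user, "password": password}


if __name__ == "__main__":
    print(audit_proxy_auth(SAMPLE_REQUEST))
```

No key is involved at any step, so the same decoding applies to a base64 string stored in a config file as to one seen on the wire.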