USENIX Conference Policies
Secure RPC Authentication (SRA) for TELNET and FTP
David R. Safford, Douglas Lee Schales, David K. Hess, Texas A & M University
TELNET and FTP currently exchange user authentication (passwords) in plain text, which is easily eavesdropped. Several techniques, such as Kerberos and SPX, have been proposed in draft RFCs to implement secure authentication. These techniques, however, have several drawbacks, including technical complexity, poor vendor support, and organizational problems. This paper presents SRA, a very simple and tested technique based on Secure RPC which, while certainly not as strong as RSA, is reasonably strong, fast, and trivial to implement immediately for both inter and intra-domain communication.
BibTeX
@inproceedings {260248,
author = {David R. Safford and Douglas Lee Schales and David K. Hess},
title = {Secure {RPC} Authentication ({{{{{SRA}}}}}) for {TELNET} and {FTP}},
booktitle = {4th UNIX Security Symposium (UNIX Security 93)},
year = {1993},
address = {Santa Clara, CA },
url = {https://www.usenix.org/conference/4th-unix-security-symposium/secure-rpc-authentication-sra-telnet-and-ftp},
publisher = {USENIX Association},
month = oct
}
author = {David R. Safford and Douglas Lee Schales and David K. Hess},
title = {Secure {RPC} Authentication ({{{{{SRA}}}}}) for {TELNET} and {FTP}},
booktitle = {4th UNIX Security Symposium (UNIX Security 93)},
year = {1993},
address = {Santa Clara, CA },
url = {https://www.usenix.org/conference/4th-unix-security-symposium/secure-rpc-authentication-sra-telnet-and-ftp},
publisher = {USENIX Association},
month = oct
}