Secure RPC Authentication (SRA) for TELNET and FTP
David R. Safford, David K. Hess, and Douglas Lee Schales
Texas A&M University
College Station, TX 77843-3363
TELNET and FTP currently exchange user authentication (passwords) in
plain text, which is easily eavesdropped. Several techniques, such as
Kerberos and SPX, have been proposed in draft RFCs to implement secure
authentication. These techniques, however, have several drawbacks,
including technical complexity, poor vendor support, and
organizational problems. This paper presents SRA, a very simple and
tested technique based on Secure RPC which, while certainly not as
strong as RSA, is reasonably strong, fast, and trivial to implement
immediately for both inter and intra-domain communication.
Download the full text of this paper in
ASCII form (9,812 bytes).
To Become a USENIX Member, please see our