
Risk of clear text passwords


Brock, Todd A

Aug 12, 1997, 3:00:00 AM

I have been wondering for a while about this...

Is there any _real_ risk of clear-text passwords, transmitted over a
dial-up PPP connection, being captured?

What I mean is, assuming that the host side is suitably secured (i.e.
modem pool, authenticating host, etc, in a "safe" computer room; and
trustworthy people administrating it). Given the principle of "value of
possible information gathered being worthy of the amount of effort to
gather it" being applied, it would seem to me that this is not a high
(or even medium) risk area.

Am I way off base here or what?



Douglas Williams

Aug 13, 1997, 3:00:00 AM

What about "clear text" login/username? The login is half of the
login/password authentication scheme. Also someone can inadvertently type
in their password at the login prompt.


Brock, Todd A

Aug 13, 1997, 3:00:00 AM

Snip

>> Is there any _real_ risk of clear-text passwords, transmitted over a
>> dial-up PPP connection, being captured?
>>
>> What I mean is, assuming that the host side is suitably secured (i.e.
>> modem pool, authenticating host, etc, in a "safe" computer room; and
>> trustworthy people administrating it). Given the principle of "value of
>> possible information gathered being worthy of the amount of effort to
>> gather it" being applied, it would seem to me that this is not a high
>> (or even medium) risk area.

Snip

>First, I must ask, is the host Windows NT or Unix? But in both cases, if
>there was a service (NT) or daemon (Unix) running designed to monitor the
>dial-up PPP connects, I believe there can be some risk.


I think that you may have missed the point here ;-). I made an
assumption that the Host side was within a "security perimeter". For
this exercise, I assume that nobody is getting in through the Host to
look at the incoming connection. So.. the type of Host should not
matter.
IMO, there is very little risk of any snooping happening between the
dialer (remote user) and the dialee (host modem).

Best regards,
Todd
