[Info-vax] DECUServe is a Hobbyist Chapter
Arne Vajhøj
arne at vajhoej.dk
Sat Jul 4 17:34:37 EDT 2020
On 7/4/2020 4:50 PM, Phillip Helbig (undress to reply) wrote:
> In article <rdqgkm$1lkg$1 at gioia.aioe.org>, =?UTF-8?Q?Arne_Vajh=c3=b8j?=
> <arne at vajhoej.dk> writes:
>
>> On 7/3/2020 1:31 AM, Phillip Helbig (undress to reply) wrote:
>>> In article <rdlktg$rmb$1 at dont-email.me>, Stephen Hoffman
>>> <seaohveh at hoffmanlabs.invalid> writes:
>>>> That "the world's most secure operating system" still has telnet, FTP,
>>>> and DECnet available in its network configuration certainly belies the
>>>> claim.
>>>
>>> There is some confusion here. The problem with telnet is that the
>>> password and the connection itself are in clear text. Once the user is
>>> logged in, it is no different from SSH as far as VMS is concerned. So
>>> telnet cannot compromise VMS any more than SSH can.
>>
>> Then encryption is needed for the entire session not just
>> for sending the password.
>>
>> There may be other confidential information than password
>> transferred over the wire.
>>
>> And there is also the risk of malicious input being injected.
>
> How is that a bigger problem with telnet than with ssh?
Bigger as in possible vs non-possible.
I am not a SSH expert, but I understand it then it
does a key exchange and then use AES for encryption.
You cannot read AES encrypted traffic and you cannot
inject valid content in it.
Arne
More information about the Info-vax
mailing list