[prev in list] [next in list] [prev in thread] [next in thread]
List: best-of-security
Subject: Linux Security FAQ Update#5: Cipher-3.0/deslogin-1.3 and GCC 2.7.0
From: Julian Assange <proff () suburbia ! net>
Date: 1995-08-02 0:20:11
[Download RAW message or body]
Forwarded message:
>From owner-linux-alert@tarsier.cv.nrao.edu Sun Jul 30 10:36:53 1995
Date: Wed, 26 Jul 1995 15:16:33 -0400 (EDT)
From: alex <alex@bach.cis.temple.edu>
To: Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>
cc: linux-alert@tarsier.cv.nrao.edu
Subject: Linux Security FAQ Update#5: Cipher-3.0/deslogin-1.3 and GCC 2.7.0
Message-ID: <Pine.LNX.3.91.950726151439.6848A-100000@bach.cis.temple.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-linux-alert@tarsier.cv.nrao.edu
Precedence: special-delivery
Reply-To: linux-security@tarsier.cv.nrao.edu
-----BEGIN PGP SIGNED MESSAGE-----
Linux Security FAQ Update
Cipher-3.0/deslogin-1.3 problems caused by GCC 2.7.0
July 26, 1995 15:01 EST
Copyright (C) 1995 Alexander O. Yuriev (alex@bach.cis.temple.edu)
CIS Laboratories
TEMPLE UNIVERSITY
U.S.A.
=============================================================================
This is an official update of the Linux security FAQ, and it is supposed to
be signed by one of the following PGP keys:
1024/544C7805 1994/07/17 Jeffrey A. Uphoff <juphoff@nrao.edu>
Jeffrey A. Uphoff <jeff.uphoff@linux.org>
1024/EFE347AD 1995/02/17 Olaf Kirch <okir@monad.swb.de>
1024/ADF3EE95 1995/06/08 Linux Security FAQ Primary Key <Alexander O. Yuriev>
Unless you are able to verify at least one of signatures, please be very
careful when following instructions.
Linux Security WWW: http://bach.cis.temple.edu/pub/linux/linux-security
linux-security & linux-alert mailing list archives:
ftp://linux.nrao.edu/pub/linux/security/list-archive
=============================================================================
The cipher-3.0 is a high speed DES cipher used by the deslogin(1)
(encrypted login) and deslogingw(1) (encrypted login via gateway)
protocol to perfom encryption of the session. Those who installed
GCC 2.7.0 when compiling cipher-3.0 *HAVE TO TURN OFF* all optimization.
Even with the minimum optimization level (-O) GCC 2.7.0 breaks the code
of cipher.
When compiling cipher-3.0 edit the Makefile and change
CFLAGS and LDFLAGS to "-pipe -static"
otherwise, your cipher will produce incorrect ciphertext.
The default deslogin(1) and deslogingw(1) source trees, although use the
code from the cipher-3.0 tree, have their own separate Makefile. Prior to
compiling deslogin, modify CFLAGS and LDFLAGS to "-pipe -static" and
remove optimization flags.
WARNING: IF YOUR COMPILATION BREAKS THE CODE OF THE CIPHER, YOU
MAY END UP BROADCASTING OVER THE NETWORK INFORMATION THAT
*SUPPOSED* TO BE ENCRYPTED, THEREFORE COMPROMISING THE
PASSPHRASE.
deslogin(1), deslogingw(1) and cipher(1) can be obtained from
ftp://ftp.uu.net/pub/security/des/.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMBaT34xFUz2t8+6VAQEo/AP/SThg3ZHwM3hklsMGujOcLUPisNuJxo50
sLkqQi0mlc2Oo3nFDzLG0mvoX9M5Jer0qp1osdLTlZaxztYfhJSGJJjoAjK91hBR
dw1BCdMwhwlrfizaVi1ZLMFmlFvX8YKEMAaLwuQdFHCo/KhSOlb/4rrMunGPdUtl
RtFXqQDDl6o=
=Po3y
-----END PGP SIGNATURE-----
============================================================================
Alexander O. Yuriev Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA
PGP Key: 1024/ADF3EE95 Fingerprint: AB4FE7382C3627BC 6934EC2A2C05AB62
Unless otherwise stated, everything above is my personal opinion and not an
opinion of any organisation affiliated with me.
=============================================================================
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic