Received: from rachael.franken.de (rachael.franken.de [193.175.24.38])
	by minnie.cs.adfa.oz.au (8.8.5/8.8.5) with SMTP id VAA23120
	for <oldunix@minnie.cs.adfa.oz.au>; Fri, 1 Aug 1997 21:21:58 +1000 (EST)
Received: from hub-n by rachael.franken.de with uucp
	(Smail3.1.29.1 #8) id m0wuFmD-000oOrC; Fri, 1 Aug 97 13:21 MET DST
Received: from mbsks by hub-n.franken.de with uucp
	(Smail3.2.0.92 #12) id m0wuFhn-000cvKC; Fri, 1 Aug 1997 13:17:11 +0200 (MET DST)
Received: by mbsks.franken.de (Linux Smail3.1.28.1 #14)
	id m0wuC9m-000Hq5C; Fri, 1 Aug 97 09:29 MET DST
Message-Id: <m0wuC9m-000Hq5C@mbsks.franken.de>
From: m@mbsks.franken.de (Matthias Bruestle)
Subject: Re: Old UNIX ftp archive - access ideas
In-Reply-To: <199708010319.NAA10575@henry.cs.adfa.oz.au> from Warren Toomey at "Aug 1, 97 01:19:52 pm"
To: oldunix@minnie.cs.adfa.oz.au (oldunix)
Date: Fri, 1 Aug 1997 09:29:48 +0200 (MET DST)
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Mahlzeit


According to Warren Toomey:
> If I become the `central repository' for the software, then I'd like to
> set up access procedures which ensure that only legitimate users can access
> the archive, and that eavesdropping or hacking access to the archive
> shouldn't divulge its contents easily.
Isn't ftp for a $200 program secure enough? I'm doing beta testing
for a program which costs $1100, and they distribute the passwords
for ftp by unencrypted mail. They have done that already for a few releases
and I don't think they had any problems with that.

> Keep the archive files encrypted:
> 
> 	- This will stop hackers who penetrate the archive from getting the
> 	  plaintext version of the files. I suggest using PGP with a very
> 	  large key size to encrypt the files. The key won't be kept on the
> 	  archive machine.
I don't think you need a very large key. Anyone who has the
choice to crack a 512-bit key or to pay $200 would choose to pay.

> I'd really like feedback from you about the proposed scheme for providing
> access to this old UNIX software!
I think pgp is too difficult to use for some. You could use a simple
encryption program like: ftp://isidor.ethz.ch/pub/simpl/safer.V1.1.tar.Z
which should be very portable. The passphrase could be distributed on
the license.


Mahlzeit

endergone Zwiebeltuete

-- 
insanity inside

