Old UNIX ftp archive - access ideas

Matthias Bruestle m at mbsks.franken.de
Fri Aug 1 17:29:48 AEST 1997


According to Warren Toomey:
> If I become the `central repository' for the software, then I'd like to
> set up access procedures which ensure that only legitimate users can access
> the archive, and that eavesdropping or hacking access to the archive
> shouldn't divulge its contents easily.
Isn't ftp for a $200-programm secure enough? I'm doing beta testing
for a programm, which costs $1100 and they distribute the passwords
for ftp by unencrypted mail. They do that allready for a few releases
and I don't think they had any problems with that.

> Keep the archive files encrypted:
> 	- This will stop hackers who penetrate the archive from getting the
> 	  plaintext version of the files. I suggest using PGP with a very
> 	  large key size to encrypt the files. The key won't be kept on the
> 	  archive machine.
I don't think you need a very large key. Everyone, which has the
choice to crack a 512bit key or to pay $200, would choose to pay.

> I'd really like feedback from you about the proposed scheme for providing
> access to this old UNIX software!
I think pgp is to difficult to use for some. You could use a simple
encryption programm like: ftp://isidor.ethz.ch/pub/simpl/safer.V1.1.tar.Z
which should be very portable. The passphrase could be distributed on
the license.


endergone Zwiebeltuete

insanity inside

More information about the TUHS mailing list