[9fans] secstore plain text dilema

[9fans] secstore plain text dilema

[matt]

There I am on a client's network. I drawterm into home happily going about my business.

and then I'm presented with the dilema :-

%ftpfs somewhere
secstore password :

What's a guy to do?

Of course what I do is type in my secstore password because I *needed* to proceed but now I know I've just broadcast the combination to the safe that contains the crown jewels.

I feel safe enough that this time I'm safe but I'm not keen on making it a regular occurrence.

Is anyone working on encrypting drawterm's comms?

If not, what are my alternatives, except not use drawterm.

m

Re: [9fans] secstore plain text dilema

[Matthias Teege]

On Tue Feb 17 09:13:30 GMT 2004, matt@proweb.co.uk wrote:
> If not, what are my alternatives, except not use drawterm.

I'm using drawterm via ssh tunnel last week. It works
but you need a tunnel endpoint in a "secure" network.
In my case I build a ssh tunnel to a host in my local
dmz.

Matthias

Re: [9fans] secstore plain text dilema

[Richard Miller]

Would it make sense to incorporate a local factotum into drawterm?

-- Richard

Re: [9fans] secstore plain text dilema

[David Presotto]

[-- Attachment #1: Type: text/plain, Size: 5 bytes --]

Sure.

[-- Attachment #2: Type: message/rfc822, Size: 1824 bytes --]

From: Richard Miller <rm@hamnavoe.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] secstore plain text dilema
Date: Tue, 17 Feb 2004 10:01:16 0000
Message-ID: <401b986dcf6d2ca05978bd00ec16f34e@hamnavoe.com>

Would it make sense to incorporate a local factotum into drawterm?

-- Richard

Re: [9fans] secstore plain text dilema

[Jim Choate]

On Tue, 17 Feb 2004 matt@proweb.co.uk wrote:

> What's a guy to do?

ssh allows one to tunnel apps through it, haven't had time to test the P9
implimentation.

> Is anyone working on encrypting drawterm's comms?

Yes, but I'm only one person. Feel free to steal my thunder ;)

 -- --

Open Forge, LLC  24/365 Onsite Support for PCs, Networks, & Game Consoles
512-695-4126 (Austin, Tx.)  help@open-forge.com  irc.open-forge.com

Hangar 18  Open Source Distributed Computing Using Plan 9 & Linux
512-451-7087  http://open-forge.org/hangar18  irc.open-forge.org

James Choate  512-451-7087  ravage@ssz.com  jchoate@open-forge.com

Re: [9fans] secstore plain text dilema

[9nut]

How about just porting the TLS device to drawterm? (not that adding
factotum support wouldn't be useful)

As an aside, as brucee and I think rsc have mentioned here before,
porting TLS should be straightforward.  I plan to look at it in my 2 days a
week + nights working on Plan9, but I currently have more pressing
fires to hold my feet to.  If someone does this in the meantime, as a
token of my appreciation, I will send him/her a bottle of Rémy Martin XO
and a box of fine cigars when the mods are accepted back into sources.

> Sure.
> 
> ===> 2/ (message/rfc822) [inline]
> To: 9fans@cse.psu.edu
> Subject: Re: [9fans] secstore plain text dilema
> From: Richard Miller <rm@hamnavoe.com>
> Date: Tue, 17 Feb 2004 10:01:16 0000
> 
> Would it make sense to incorporate a local factotum into drawterm?
> 
> -- Richard

Re: [9fans] secstore plain text dilema

[Richard Miller]

> How about just porting the TLS device to drawterm? (not that adding
> factotum support wouldn't be useful)

I'm confused:  drawterm talks to cpu, which uses ssl(3) not tls(3) -
isn't it devssl that needs porting?

-- Richard

Re: [9fans] secstore plain text dilema

[andrey mirtchovski]

On Tue, 17 Feb 2004 9nut@9netics.com wrote:

> How about just porting the TLS device to drawterm? (not that adding
> factotum support wouldn't be useful)
> 
> As an aside, as brucee and I think rsc have mentioned here before,
> porting TLS should be straightforward.  I plan to look at it in my 2 days a
> week + nights working on Plan9, but I currently have more pressing
> fires to hold my feet to.  If someone does this in the meantime, as a
> token of my appreciation, I will send him/her a bottle of Rémy Martin XO
> and a box of fine cigars when the mods are accepted back into sources.
> 

Russ Cox has a drawterm version using 9p2000, which should solve this
particular problem. He hasn't put it anywhere on the web, so you'll need
to write him for the source...

andrey

Re: [9fans] secstore plain text dilema

[9nut]

>> How about just porting the TLS device to drawterm? (not that adding
>> factotum support wouldn't be useful)
>
> I'm confused:  drawterm talks to cpu, which uses ssl(3) not tls(3) -
> isn't it devssl that needs porting?

I'm thinking of '#a' device, which is explained in tls(3).
Isn't this  it?

Re: [9fans] secstore plain text dilema

[Richard Miller]

> I'm thinking of '#a' device, which is explained in tls(3).
> Isn't this  it?

No, cpu calls pushssl(2) which uses the '#D' device.

Or at least it does if you use the (default) p9 auth method.
If you choose '-a netkey' it appears that the connection is
left in the clear (just like drawterm).

-- Richard

Re: [9fans] secstore plain text dilema

[9nut]

>> I'm thinking of '#a' device, which is explained in tls(3).
>> Isn't this  it?
>
> No, cpu calls pushssl(2) which uses the '#D' device.

You're right.

Re: [9fans] secstore plain text dilema

[Richard Miller]

OK, I've added encryption to drawterm, using pushssl(2).  I haven't
done anything about 9p2000 or factotum.

I've tried it on Linux and MacOS.  Would someone like to try building
and testing it on Windows before I submit it?

-- Richard

Re: [9fans] secstore plain text dilema

[9nut]

> OK, I've added encryption to drawterm, using pushssl(2).  I haven't
> done anything about 9p2000 or factotum.
>
> I've tried it on Linux and MacOS.  Would someone like to try building
> and testing it on Windows before I submit it?
>
> -- Richard

Sure thing. Let me know where I can pick it from.