Sending passwords over the network is a recognized security risk, since passwords can be viewed by anyone using a network analyzer to inspect packet contents, yet many user authentication systems still do this most, fortunately, in an encrypted form. Today, most authentication schemes allow for encrypting the password before sending it over the wire, or using some sort of challenge/response system that doesnt require transmitting the password at all. Some legacy technologies like telnet logins, however, do not encrypt the password prior to transmission.
Yes, telnet really does send the password out onto the Internet without encrypting it. This is one reason that vanilla telnet and rlogin logins, common when dealing with Linux and UNIX systems, are being phased out in favor of ssh (Secure Shell) logins.
Home - Table Of Contents - Contact Us
CertiGuide for Network+ (http://www.CertiGuide.com/netplus/) on CertiGuide.com
Version 1.0 - Version Date: November 7, 2004
Adapted with permission from a work created by Tcat Houser and Helen O’Boyle.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.