Comment Re:Why is this a big deal? (Score 1) 342
I don't get the first line of your post. Are you suggesting SSL doesn't encrypt?
SSL is a handshake and crypto protocol. Data is encrypted, both ways. GETs, POSTs, the whole nine yards. That's sorta the point. SSL version 2 didn't protect the handshake from man in the middle attacks, so it was deemed insecure. Supposedly version 3 is stronger.
You're right about Kerberos. Typical modern day kerberos implementations use AES. Therefore its reasonable to assume a "kerberos based telnet daemon" would also use AES, if its using Kerberos 5.
SSL is a handshake and crypto protocol. Data is encrypted, both ways. GETs, POSTs, the whole nine yards. That's sorta the point. SSL version 2 didn't protect the handshake from man in the middle attacks, so it was deemed insecure. Supposedly version 3 is stronger.
You're right about Kerberos. Typical modern day kerberos implementations use AES. Therefore its reasonable to assume a "kerberos based telnet daemon" would also use AES, if its using Kerberos 5.
