From owner-freebsd-security Mon Jun 3 05:10:47 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA11133 for security-outgoing; Mon, 3 Jun 1996 05:10:47 -0700 (PDT) Received: from ns1.zygaena.com (ns1.zygaena.com [206.148.80.3]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA11128 for ; Mon, 3 Jun 1996 05:10:41 -0700 (PDT) Received: (from nobody@localhost) by ns1.zygaena.com (8.7.5/8.7.3) id IAA06840; Mon, 3 Jun 1996 08:10:33 -0400 (EDT) X-Authentication-Warning: ns1.zygaena.com: nobody set sender to using -f Received: from selway.i.com(198.30.169.1) by ns1.zygaena.com via smap (V1.3) id sma006835; Mon Jun 3 08:10:05 1996 Received: (from ewb@localhost) by selway.i.com (8.7.3/8.7.3) id IAA01617; Mon, 3 Jun 1996 08:10:04 -0400 (EDT) Date: Mon, 3 Jun 1996 08:10:04 -0400 (EDT) From: Will Brown Message-Id: <199606031210.IAA01617@selway.i.com> To: freebsd-security@freebsd.org, mattp@conundrum.com Subject: Re: MD5 Crack code Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Trying (and hopefully failing) to Crack passwords is onne thing. An altogether other thing is cleartext passwords flying around on the net. IMHO that is the largest single risk to systems that are not firewalled. Personally I'd love to insist on Skey (or something like it). Seems to me that simply building clients (FTP, telnet, MUA's, etc.) that are "Skey aware" would go a long way. A separate Skey calculator is a level of "complexity" that many naive users seem to balk at. SecurID (for example) may be "better" because it is "two factor" but it seems like they are using that to justify a system that is far more complex than is required (backend relational databases, etc. etc.) Anybody know of work going on in this direction? In particular, cross-platform SKey aware clients? ------------------------============================----------------------- Will Brown ewb@zns.net Professional Web Design Zygaena Network Services http://www.zns.net and Hosting 216-381-6019 (voice) 216-381-6064 (fax) at reasonable prices