From owner-freebsd-security  Fri Jun  7 22:12:21 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id WAA08228
          for security-outgoing; Fri, 7 Jun 1996 22:12:21 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA08223
          for <freebsd-security@FreeBSD.org>; Fri, 7 Jun 1996 22:12:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.7.5/8.6.6) with SMTP id XAA28275; Fri, 7 Jun 1996 23:11:23 -0600 (MDT)
Message-Id: <199606080511.XAA28275@rover.village.org>
To: Will Brown <ewb@zns.net>
Subject: Re: MD5 Crack code 
Cc: angio@aros.net, karpen@sea.campus.luth.se, freebsd-security@FreeBSD.org
In-reply-to: Your message of Mon, 03 Jun 1996 18:45:36 EDT
Date: Fri, 07 Jun 1996 23:11:23 -0600
From: Warner Losh <imp@village.org>
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

: - two factors. Exactly how it stays in time-sync with servers I don't
: know. Maybe there is more to it... (speak up folks).  Yes
: unfortunately the target customer seems to be high-end security
: freaks (with $$), not ISPs and the ilk (sigh).

I recall some discussions around the office about using these.  It
will know what time your card is at by what number you type in.  The
server knows all the numbers +- 15 minutes and can use what you claim
the number to be to "skew" the delta time on changes.  Put more
simply, the server knows what the delta between passwords is to much
more accuracy than 1 minute.  Kinda a clever scheme.

Warner