From: "Andrey A. Chernov"
Date: Sat, 19 Jan 2002 13:54:19 +0300
To: Mark Murray
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c
Message-ID: <20020119105418.GA7683@nagual.pp.ru>
References: <200201191009.g0JA95b91076@freefall.freebsd.org> <200201191047.g0JAl8t20334@grimreaper.grondar.org>
In-Reply-To: <200201191047.g0JAl8t20334@grimreaper.grondar.org>

On Sat, Jan 19, 2002 at 10:47:08 +0000, Mark Murray wrote:
> > ache 2002/01/19 02:09:05 PST
> >
> > Modified files:
> > lib/libpam/modules/pam_opie pam_opie.c
> > Log:
> > If the user does not exist in the OPIE system, return failure immediately
> > instead of producing fake prompts with random numbers, which can be
> > detected by a potential intruder in two tries and totally confuse
> > non-OPIE users.
>
> I object to this. The better way is to produce a fake but (semi-) constant
> challenge.

It is impossible.

1) How do you plan to identify the intruder to keep the chosen semi-constancy for him?

2) S/Key and OPIE were designed not to interfere with normal users' processing; only incorrectly written applications use those fake prompts. Fake prompts may not only cause user confusion but also seriously affect protocols which do not expect them.

-- 
Andrey A. Chernov
http://ache.pp.ru/
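
The two behaviours discussed in this message, modelled side by side as an added example (not code from the thread or from pam_opie.c): fake challenges built from fresh random numbers versus a "fake but (semi-) constant" challenge. Deriving the constant values from an HMAC over the user name is an assumption of this sketch, as are the user table, the key and all function names.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one enrolled user with an OPIE-style (sequence, seed) pair.
OPIE_DB = {"alice": (497, "ab1234")}
# Assumption: a per-host secret that never leaves the server.
SERVER_KEY = b"constructed-demo-key"


def fmt(seq, seed):
    # RFC 2289 challenge layout: "otp-<alg> <sequence> <seed>"
    return f"otp-md5 {seq} {seed}"


def random_fake(user):
    """Model of the behaviour the commit removes: new random numbers per request."""
    return fmt(1 + secrets.randbelow(499), "zz" + secrets.token_hex(3))


def keyed_fake(user):
    """Model of a constant fake: values depend only on the key and the user name."""
    d = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).digest()
    seq = 1 + int.from_bytes(d[:2], "big") % 499
    return fmt(seq, "zz" + d[2:5].hex())


def challenge(user, fake):
    # Enrolled users get their stored challenge; everyone else gets the fake.
    if user in OPIE_DB:
        return fmt(*OPIE_DB[user])
    return fake(user)


def stable_across_tries(user, fake, tries=2):
    """True when repeated requests for one name yield a single identical challenge."""
    return len({challenge(user, fake) for _ in range(tries)}) == 1


if __name__ == "__main__":
    for name in ("alice", "nouser"):
        for fake in (random_fake, keyed_fake):
            print(name, fake.__name__, stable_across_tries(name, fake))
```

A stored entry's sequence number drops after each successful login, which a constant fake does not imitate, so the keyed variant only closes the repeated-request difference this check measures.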