Date: Mon, 3 Jun 1996 16:35:08 +0200 (MET DST) From: "Mikael Karpberg" <karpen@sea.campus.luth.se> To: freebsd-security@FreeBSD.ORG Subject: Re: MD5 Crack code Message-ID: <199606031435.QAA06701@sea.campus.luth.se> In-Reply-To: <199606031210.IAA01617@selway.i.com> from "Will Brown" at Jun 3, 96 08:10:04 am
next in thread | previous in thread | raw e-mail | index | archive | help
Hi. > Trying (and hopefully failing) to Crack passwords is onne thing. An > altogether other thing is cleartext passwords flying around on the > net. IMHO that is the largest single risk to systems that are not > firewalled. Agreed, but some passwords that users use could easilly make you shiver for days... ;) > Personally I'd love to insist on Skey (or something like it). Seems to > me that simply building clients (FTP, telnet, MUA's, etc.) that are > "Skey aware" would go a long way. A separate Skey calculator is a > level of "complexity" that many naive users seem to balk at. I'm not aware of how Skey works, I must say. Doesn't it require you to remember one time passwords or something? Seems like a hassle. Please feel free to correct me, since I'm surely a novice when it comes to that. :) > SecurID (for example) may be "better" because it is "two factor" > but it seems like they are using that to justify a system that is far > more complex than is required (backend relational databases, etc. etc.) Never heard of. Short description of what it is? > Anybody know of work going on in this direction? In particular, > cross-platform SKey aware clients? Why not simply something like SSL which is being developed and used a lot just because the WWW is growing with enormous speed? If you have a secure link, there is no need for a lot of hassle. You can send anything over the socket and it'll be safe. Umm.. No? /Mikael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606031435.QAA06701>