From owner-cvs-all Sat Jan 19 6:19:54 2002 Delivered-To: cvs-all@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 61C9837B489; Sat, 19 Jan 2002 06:19:38 -0800 (PST) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id g0JEJZY25033; Sat, 19 Jan 2002 14:19:35 GMT (envelope-from mark@grondar.za) Received: from grondar.za (mark@localhost [127.0.0.1]) by grimreaper.grondar.org (8.11.6/8.11.6) with ESMTP id g0JEJDt21531; Sat, 19 Jan 2002 14:19:13 GMT (envelope-from mark@grondar.za) Message-Id: <200201191419.g0JEJDt21531@grimreaper.grondar.org> To: "Andrey A. Chernov" Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c References: <20020119110253.GC7683@nagual.pp.ru> In-Reply-To: <20020119110253.GC7683@nagual.pp.ru> ; from "Andrey A. Chernov" "Sat, 19 Jan 2002 14:02:54 +0300." Date: Sat, 19 Jan 2002 14:19:12 +0000 From: Mark Murray Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > > I object to this. The better way is to produce fake but (semi-) constant > > > challenge. > > > > It is impossible. > > > > 1) How do you plan to identify intruder to keep choosed semi-constance for > > him? > > > > I.e. those fake promts is typical fake security example which gains no > real security but problems. An attacker can now tell the difference between a real UID and one which does not exist. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message