Date: Sat, 19 Jan 2002 19:49:24 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Mark Murray <mark@grondar.za> Cc: Kris Kennaway <kris@obsecurity.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c Message-ID: <20020119164924.GE10976@nagual.pp.ru> In-Reply-To: <200201191622.g0JGMUt22213@grimreaper.grondar.org> References: <20020119143617.GB9803@nagual.pp.ru> <200201191622.g0JGMUt22213@grimreaper.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Jan 19, 2002 at 16:22:30 +0000, Mark Murray wrote: > > > Nothing to it; you'd store a few bytes in /var/run or somewhere, and > > > hash them with the provided username to generate the fake challenge. > > > > And your hash provide random numbers instead of constantly decreased as=20 > > they expected be (by intruder too). > > Nope. The hash is based on things that don't change very often, so it > will be constant for most attacks. As the intruder is not sucessfully > breaking in, there MUST BE NO decrement. But if intruder sees constant code several days and the next day number jumps to another value non smoothly, it clearly indicates non-real user behaviour for him. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119164924.GE10976>