From: Bill Fenner
To: mark@grondar.za
Cc: ache@nagual.pp.ru, cvs-committers@freebsd.org, cvs-all@freebsd.org
Subject: Re: cvs commit: src/lib/libopie Makefile
Date: Sat, 4 Aug 2001 16:31:30 -0700
Message-Id: <200108042331.QAA06414@windsor.research.att.com>
References: <200108031805.LAA19695@windsor.research.att.com> <200108041544.f74FiJr14075@grimreaper.grondar.za>

>> "echo mypassphrase | env DISPLAY=:0 otp-md5 ..."
>
>That is a bug that needs to be fixed in its own right.

You're kidding, right? They're all heuristics, since there's no way to
determine for real whether or not input to the program "can be sniffed",
and any heuristic can be worked around.

>-f is disabled if insecure mode is not compiled in.

Which is why I was suggesting that we compile it in by default.

ssh happily prompts you for your passphrase no matter how you're logged in.
Opie tries to protect people from themselves, but since that's not possible,
it does an imperfect job. At least Opie requires explicit action and warns
loudly that you may be exposing your secret. Opie's default distribution
chooses security over usability. This choice normally encourages either
misuse or disuse of the security system -- so let's make the usability
compromise, with appropriate warnings (that are already present in the
opie sources).

  Bill