From owner-freebsd-security  Mon Jun  3 10:58:28 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA06598
          for security-outgoing; Mon, 3 Jun 1996 10:58:28 -0700 (PDT)
Received: from io.org (io.org [198.133.36.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id KAA06593
          for <freebsd-security@freebsd.org>; Mon, 3 Jun 1996 10:58:26 -0700 (PDT)
Received: from zot.io.org (mattp@zot.io.org [198.133.36.82]) by io.org (8.6.12/8.6.12) with SMTP id NAA20329 for <freebsd-security@freebsd.org>; Mon, 3 Jun 1996 13:58:21 -0400
Date: Mon, 3 Jun 1996 13:55:40 -0400 (EDT)
From: Matt of the Long Red Hair <mattp@io.org>
To: freebsd-security@freebsd.org
Subject: Re: MD5 Crack code
In-Reply-To: <199606031435.QAA06701@sea.campus.luth.se>
Message-ID: <Pine.NEB.3.92.960603134928.5176R-100000@zot.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 3 Jun 1996, Mikael Karpberg wrote:

> > Personally I'd love to insist on Skey (or something like it). Seems to
> > me that simply building clients (FTP, telnet, MUA's, etc.) that are
> > "Skey aware" would go a long way. A separate Skey calculator is a
> > level of "complexity" that many naive users seem to balk at.
>
> I'm not aware of how Skey works, I must say. Doesn't it require you to
> remember one time passwords or something? Seems like a hassle. Please
> feel free to correct me, since I'm surely a novice when it comes to that. :)

I'm no expert on Skey, but I think I have a grasp on its basics.  Essentially,
yes, it does use one-time passwords.  When you choose your origional password,
you also give the system a second code which is used as salt for new
passwords.  The salt and your last password are applied to an algorithm which
returns the password you use on your next connection.

My personal feeling is that this method goes way above and beyond my
requirements.  I'd be happy knowing that my users have secure passwords and
that things like ssh are keeping others from stealing those passwords.
-----------------------------------------------------------------------------
              EMail: mattp@io.org (MP1229)             | "Sometime they will
          Home Page: http://www.io.org/~mattp          | give a war and
                                                       | nobody will come."
       Children's International Summer Villages        |
       Home Page: http://www.io.org/~mattp/CISV        |      - Carl Sandburg
-----------------------------------------------------------------------------