Date: Mon, 03 Jun 1996 18:42:56 -0400
From: He Who Urges Ampersands <arensb@cfar.UMD.EDU>
To: "Mikael Karpberg" <karpen@sea.campus.luth.se>
Cc: freebsd-security@freebsd.org
Subject: Re: MD5 Crack code
Message-ID: <199606032242.SAA10718@glitnir.cfar.UMD.EDU>
In-Reply-To: Your message of "Mon, 03 Jun 1996 16:35:08 +0200." <199606031435.QAA06701@sea.campus.luth.se>

On Mon, 03 Jun 1996 16:35:08 +0200, karpen@sea.campus.luth.se wrote:
> > Personally I'd love to insist on Skey (or something like it). Seems to
> > me that simply building clients (FTP, telnet, MUA's, etc.) that are
> > "Skey aware" would go a long way. A separate Skey calculator is a
> > level of "complexity" that many naive users seem to balk at.
>
> I'm not aware of how Skey works, I must say. Doesn't it require you to
> remember one time passwords or something? Seems like a hassle. Please
> feel free to correct me, since I'm surely a novice when it comes to that. :)

No, you just have one password.

The idea behind s/Key is to avoid having clear-text passwords
transmitted over an insecure network. When you log in, the remote
machine issues an s/Key challenge, which includes the "sequence
number:" the remote machine keeps track of how many times you've
successfully logged in.

You then need to feed the s/Key challenge (including the sequence
number) and your secret password to a local s/Key calculator. It then
turns the whole thing into a one-time password, which you then give to
the remote machine.

Ordinarily, you need a local s/Key calculator handy, or else you need
to print out a list of one-time passwords that you can carry around on
you. Yes, this is something of a hassle.

One hack that we use, which I'd like to include in FreeBSD's 'rlogin'
and/or 'telnet', is that, if you type '~@', and the last N characters
received from the remote end include an s/Key challenge, then the
*local* 'rlogin' will prompt you for a password and run the s/Key
calculator for you. In effect, instead of

    rlogin remotehost
    suspend
    key <sequence> <seed> <password>
    fg
    <s/Key password>

you only need to

    ~@<password>

-- 
Andrew Arensburger, Systems guy      Center for Automation Research
arensb@cfar.umd.edu                  University of Maryland
    If this isn't war, why is CNN massing on the border?
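
The challenge/response exchange described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's s/Key code. It assumes the RFC 2289 scheme (a counter that decreases with each login, and MD5 folded to 64 bits; the original S/Key of RFC 1760 used MD4), prints no six-word encoding, and uses constructed seed and password values; `Server`, `otp` and `demo` are hypothetical names.

```python
import hashlib
import hmac

def fold_md5(data: bytes) -> bytes:
    # MD5, then XOR the two 8-byte halves to get a 64-bit value.
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(seq: int, seed: str, password: str) -> bytes:
    # The local calculator: hash seed+password once, then re-hash seq times.
    value = fold_md5((seed.lower() + password).encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

class Server:
    # Stores only the last accepted one-time password, never the secret.
    def __init__(self, seed: str, seq: int, stored: bytes):
        self.seed, self.seq, self.stored = seed, seq, stored

    def challenge(self):
        # Ask for the value one step earlier in the hash chain.
        return self.seq - 1, self.seed

    def verify(self, response: bytes) -> bool:
        # Hashing a valid response once more reproduces the stored value.
        if self.seq <= 0 or not hmac.compare_digest(fold_md5(response), self.stored):
            return False
        # Accept, then move down the chain so this response cannot be reused.
        self.stored, self.seq = response, self.seq - 1
        return True

def demo():
    seed, password = "ex12345", "constructed secret"   # constructed sample values
    server = Server(seed, 100, otp(100, seed, password))  # enrolment
    seq, chal_seed = server.challenge()                # sent in the clear
    response = otp(seq, chal_seed, password)           # computed locally
    first = server.verify(response)                    # accepted
    replay = server.verify(response)                   # sniffed copy rejected
    seq2, _ = server.challenge()
    second = server.verify(otp(seq2, seed, password))  # next login, new value
    return first, replay, second, seq, seq2

if __name__ == "__main__":
    print(demo())
```

Only the challenge and the one-time response cross the network, and a captured response fails on replay because the server has already moved one step down the chain.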