From owner-freebsd-hackers Thu Jan 12 11:26:39 1995 Return-Path: hackers-owner Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id LAA00646 for hackers-outgoing; Thu, 12 Jan 1995 11:26:39 -0800 Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id LAA00635 for ; Thu, 12 Jan 1995 11:26:33 -0800 Received: by gvr.win.tue.nl (8.6.9/1.53) id UAA07509; Thu, 12 Jan 1995 20:25:07 +0100 From: guido@gvr.win.tue.nl (Guido van Rooij) Message-Id: <199501121925.UAA07509@gvr.win.tue.nl> Subject: Re: S/Key - What gives? To: mark@grondar.za (Mark Murray) Date: Thu, 12 Jan 1995 20:25:06 +0100 (MET) Cc: hackers@FreeBSD.org, wietse@gvr.win.tue.nl (Wietse Venema) In-Reply-To: <199501111712.TAA27382@grunt.grondar.za> from "Mark Murray" at Jan 11, 95 07:12:28 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Content-Length: 737 Sender: hackers-owner@FreeBSD.org Precedence: bulk Mark Murray wrote: > > 2) If we are trying (and succeeding) to avoid giving away usernames > (like not allowing fingerd the freedom it traditionally has), then > maybe we should look at this: > > a) logging in as a legitimate user with s/key enabled gives the usual > > login: > s/key > password: > > User is in. > > b) Joe Cracker comes along and wants to see if account "bloggs" exists: > > login: bloggs > password: secret > login incorrect. > > But the absence of the s/key bit already told him he's barking up the > wrong tree. Maybe a random number should be thrown in as a confuser? > Goo idea. Forwarded to Wietse Venema as well. -Guido