From owner-freebsd-hackers  Thu Jan 12 12:53:51 1995
Return-Path: hackers-owner
Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id MAA04675 for hackers-outgoing; Thu, 12 Jan 1995 12:53:51 -0800
Received: from wzv.win.tue.nl (wietse@wzv.win.tue.nl [131.155.210.17]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id MAA04669 for <hackers@FreeBSD.org>; Thu, 12 Jan 1995 12:53:46 -0800
Received: by wzv.win.tue.nl (8.6.7/1.45)
    id VAA20779; Thu, 12 Jan 1995 21:52:49 +0100
From: wietse@wzv.win.tue.nl (Wietse Venema)
Message-Id: <199501122052.VAA20779@wzv.win.tue.nl>
Subject: Re: S/Key - What gives?
To: guido@gvr.win.tue.nl (Guido van Rooij)
Date: Thu, 12 Jan 95 21:52:49 MET
Cc: mark@grondar.za, hackers@FreeBSD.org, wietse@gvr.win.tue.nl
In-Reply-To: <199501121925.UAA07509@gvr.win.tue.nl>; from "Guido van Rooij" at Jan 12, 95 8:25 pm
Organization: Eindhoven University of Technology, 
	      P.O. Box 513, 5600 MB Eindhoven, The Netherlands
X-Phone:      +31 40 472989 (after Oct 1995: +31 40 2472989)
X-Fax:        +31 40 465995 (after Oct 1995: +31 40 2465995)
X-Private:    +31 40 433327 (after Oct 1995: +31 40 2433327)
X-Mailer: ELM [version 2.3 PL11]
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

> >    b) Joe Cracker comes along and wants to see if account "bloggs" exists:
> >    But the absence of the s/key bit already told him he's barking up the
> >    wrong tree. Maybe a random number should be thrown in as a confuser?

Well, the bogus challenge should be constant for at least an hour or
so.  I the s/key mailing list I proposed to seed the algorithm with the
inode ctime of '/'. That information is stable enough, and should not
be accessible to Joe Cracker.

	Wietse