From owner-freebsd-hackers  Thu Jan 12 13:12:23 1995
Return-Path: hackers-owner
Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id NAA06190 for hackers-outgoing; Thu, 12 Jan 1995 13:12:23 -0800
Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id NAA06166 for <hackers@FreeBSD.org>; Thu, 12 Jan 1995 13:12:02 -0800
Received: from localhost (localhost [127.0.0.1]) by grunt.grondar.za (8.6.9/8.6.9) with SMTP id XAA08060; Thu, 12 Jan 1995 23:10:13 +0200
Message-Id: <199501122110.XAA08060@grunt.grondar.za>
X-Authentication-Warning: grunt.grondar.za: Host localhost didn't use HELO protocol
To: wietse@wzv.win.tue.nl (Wietse Venema)
cc: guido@gvr.win.tue.nl (Guido van Rooij), hackers@FreeBSD.org,
        wietse@gvr.win.tue.nl
Subject: Re: S/Key - What gives? 
Date: Thu, 12 Jan 1995 23:10:12 +0200
From: Mark Murray <mark@grondar.za>
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

> Well, the bogus challenge should be constant for at least an hour or
> so.  I the s/key mailing list I proposed to seed the algorithm with the
> inode ctime of '/'. That information is stable enough, and should not
> be accessible to Joe Cracker.

Why don't you _really_ confuse the bugger; use the name he is trying, modified
by sonthing to do with the machine he is trying?

ie coming in on grondar.za with name bloggs, ergo random number derived
from rondar+bloggs, or some similar scheme?

This number will never change...

--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200