From owner-freebsd-security Mon Jun 1 17:01:31 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA15534 for freebsd-security-outgoing; Mon, 1 Jun 1998 17:01:31 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (root@COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA15468 for ; Mon, 1 Jun 1998 17:00:59 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id TAA08052; Mon, 1 Jun 1998 19:58:16 -0400 (EDT) Date: Mon, 1 Jun 1998 19:58:16 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Eivind Eklund cc: Poul-Henning Kamp , "J.A. Terranson" , "freebsd-security@FreeBSD.ORG" Subject: Re: MD5 v. DES? In-Reply-To: <19980602015132.55099@follo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 2 Jun 1998, Eivind Eklund wrote: > On Mon, Jun 01, 1998 at 07:46:35PM -0400, Robert Watson wrote: > > Accept kerberosIV, local passwords, one-time-passwords when using ssh or > > kerberized rlogin. > > The SSH-1 protocol doesn't make it possible to use s/key for one-time > passwords, at least. There is no provision for showing a challenge to > the user. This is a problem with a protocol that claims to be a secure shell protocol. For the sake of example, then, how about IMAP using SASL support for s/key over SSL? Robert N Watson ---- Carnegie Mellon University http://www.cmu.edu/ Trusted Information Systems http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message