From owner-freebsd-security Mon Jun 3 16:19:36 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA27442 for security-outgoing; Mon, 3 Jun 1996 16:19:36 -0700 (PDT) Received: from bunyip.cc.uq.oz.au (pp@bunyip.cc.uq.oz.au [130.102.2.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA27437 for ; Mon, 3 Jun 1996 16:19:31 -0700 (PDT) Received: from bunyip.cc.uq.oz.au by bunyip.cc.uq.oz.au id <26195-0@bunyip.cc.uq.oz.au>; Tue, 4 Jun 1996 09:19:10 +1000 Received: from netfl15a.devetir.qld.gov.au by pandora.devetir.qld.gov.au (8.6.10/DEVETIR-E0.3a) with ESMTP id JAA09666; Tue, 4 Jun 1996 09:19:47 +1000 Received: from localhost by netfl15a.devetir.qld.gov.au (8.6.8.1/DEVETIR-0.1) id XAA17131; Mon, 3 Jun 1996 23:19:46 GMT Message-Id: <199606032319.XAA17131@netfl15a.devetir.qld.gov.au> X-Mailer: exmh version 1.6.5 12/11/95 To: Will Brown cc: security@freebsd.org Subject: Re: MD5 Crack code In-reply-to: Your message of "Mon, 03 Jun 1996 18:45:36 -0400." <199606032245.SAA02583@selway.i.com> X-Face: 3}heU+2?b->-GSF-G4T4>jEB9~FR(V9lo&o>kAy=Pj&;oVOc<|pr%I/VSG"ZD32J>5gGC0N 7gj]^GI@M:LlqNd]|(2OxOxy@$6@/!,";-!OlucF^=jq8s57$%qXd/ieC8DhWmIy@J1AcnvSGV\|*! >Bvu7+0h4zCY^]{AxXKsDTlgA2m]fX$W@'8ev-Qi+-;%L'CcZ'NBL!@n?}q!M&Em3*eW7,093nOeV8 M)(u+6D;%B7j\XA/9j4!Gj~&jYzflG[#)E9sI&Xe9~y~Gn%fA7>F:YKr"Wx4cZU*6{^2ocZ!YyR Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 04 Jun 1996 09:19:44 +1000 From: Stephen Hocking Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Dave Andersen said: > > SecurID is a challenge/response one-time authentication system. You > > log on, the system tells you the challenge, you enter the challenge in to > > your SecurID calculator along with your calculator password, the calc. > > hands you back a response, you type the response in, you're authenticated. > > Good stuff for high-security applications. > > I thought the Security Dynamics card had only an LCD display and no > keyboard. It generates a new password every minute. That plus a PIN > are used to gain access. So you have to HAVE the card and KNOW the PIN > - two factors. Exactly how it stays in time-sync with servers I don't > know. Maybe there is more to it... (speak up folks). Yes > unfortunately the target customer seems to be high-end security > freaks (with $$), not ISPs and the ilk (sigh). > Yes, we must be one of those - my card is turning up in 3 weeks. It was prompted by me announcing to out network guys that I wanted to set up my FreeBSD machine as a PPP server - they freaked. Stephen -- The views expressed above are not those of the Worker's Compensation Board of Queensland, Australia.