Date: Mon, 3 Jun 1996 19:44:35 -0400 From: Garrett Wollman <wollman@lcs.mit.edu> To: Will Brown <ewb@zns.net> Cc: freebsd-security@FreeBSD.org Subject: Re: MD5 Crack code Message-ID: <9606032344.AA30637@halloran-eldar.lcs.mit.edu> In-Reply-To: <199606032245.SAA02583@selway.i.com> References: <199606032245.SAA02583@selway.i.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 3 Jun 1996 18:45:36 -0400 (EDT), Will Brown <ewb@zns.net> said: > To be painfully pedantic, an FTP client (say) with Skey knowledge > would observe the challenge (as opposed to normal login:), request the > secret seed password from the user (user sees "password:") generate > the one-time password using this info and complete the > authentication. To the user it looks EXACTLY like a "normal" login. Well, actually, you want to make it possible for the user to use her own calculator as well in case she is running the client over an insecure remote login. (E.g., when I deposit files from my development machine on freefall, I need to run the calculator on my desktop machine, not the (network-connected) development box.) The IETF is developing a follow-on to S/Key called ``OTP''. I don't know what state it is in right now, but I would hope that they are specifying standard mechanisms to communicate this information over TELNET and FTP connections. > The problem is that there are no Skey clients, just as there are no > SSL (or other crypto) clients, for all platforms. There are clients for Macs and PCs running DOS or Windoze. Those are the only real significant potential problem sources in most organizations... -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9606032344.AA30637>