Date: Wed, 16 Jan 2002 17:51:58 -0800 (PST) From: Koji Hino <hino@ccrl.sj.nec.com> To: stable@FreeBSD.ORG Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2? Message-ID: <20020116.175158.125114578.hino@ccrl.sj.nec.com> In-Reply-To: <20020116.173525.68550113.hino@ccrl.sj.nec.com> References: <20020116.110509.05717273.hino@ccrl.sj.nec.com> <20020116155436.A28166@zipperup.org> <20020116180508.A11693@hardy.mskcc.org> <20020116181943.B30361@zipperup.org> <3C4614CE.8050001@bogen.org> <20020116.173525.68550113.hino@ccrl.sj.nec.com>
next in thread | previous in thread | raw e-mail | index | archive | help
From: Koji Hino <hino@ccrl.sj.nec.com> Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2? Date: Wed, 16 Jan 2002 17:35:25 -0800 (PST) ID: <20020116.173525.68550113.hino@ccrl.sj.nec.com> > So, I think get_challenge() should handle '1' case. One lost comment: Yes, from system security view, it may be desired to make indistinguishable if requested account name is valid or not. If get_challenge() handle '1' case like '-1' case, cracker can know that specific username is valid (valid on opie) or not (not valid on opie, nor passwd, etc). Koji To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116.175158.125114578.hino>