From owner-freebsd-stable Wed Jan 16 17:52: 8 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mail4.nec.com (dns4.nec.com [131.241.15.4]) by hub.freebsd.org (Postfix) with ESMTP id 1871337B402 for ; Wed, 16 Jan 2002 17:52:06 -0800 (PST) Received: from netkeeper2.sj.nec.com (netkeeper2.sj.nec.com [131.241.31.10]) by mail4.nec.com (/) with ESMTP id g0H1pxe21249 for ; Wed, 16 Jan 2002 17:51:59 -0800 (PST) Received: from ccrl.sj.nec.com (localhost [127.0.0.1]) by netkeeper2.sj.nec.com (8.9.1a/8.9.1) with ESMTP id RAA19114 for ; Wed, 16 Jan 2002 17:51:58 -0800 (PST) Received: from localhost (hirosige [131.241.79.26]) by ccrl.sj.nec.com (8.9.3/8.9.2) with ESMTP id RAA16277 for ; Wed, 16 Jan 2002 17:51:59 -0800 (PST) Date: Wed, 16 Jan 2002 17:51:58 -0800 (PST) Message-Id: <20020116.175158.125114578.hino@ccrl.sj.nec.com> To: stable@FreeBSD.ORG Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2? From: Koji Hino In-Reply-To: <20020116.173525.68550113.hino@ccrl.sj.nec.com> References: <20020116.110509.05717273.hino@ccrl.sj.nec.com> <20020116155436.A28166@zipperup.org> <20020116180508.A11693@hardy.mskcc.org> <20020116181943.B30361@zipperup.org> <3C4614CE.8050001@bogen.org> <20020116.173525.68550113.hino@ccrl.sj.nec.com> Organization: C&C Research Laboratories (CCRL), NEC USA, Inc. X-Mailer: Mew version 2.2rc1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG From: Koji Hino Subject: Re: 4.5-RC1: Why sshd require opie for SSH version 2? Date: Wed, 16 Jan 2002 17:35:25 -0800 (PST) ID: <20020116.173525.68550113.hino@ccrl.sj.nec.com> > So, I think get_challenge() should handle '1' case. One lost comment: Yes, from system security view, it may be desired to make indistinguishable if requested account name is valid or not. If get_challenge() handle '1' case like '-1' case, cracker can know that specific username is valid (valid on opie) or not (not valid on opie, nor passwd, etc). Koji To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message