From owner-freebsd-security@FreeBSD.ORG Wed Dec 10 17:02:58 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D2E7016A4CE for ; Wed, 10 Dec 2003 17:02:58 -0800 (PST) Received: from tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id B2ED343D30 for ; Wed, 10 Dec 2003 17:02:57 -0800 (PST) (envelope-from kudzu@tenebras.com) Received: (qmail 13890 invoked from network); 11 Dec 2003 01:02:57 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by laptop.tenebras.com with SMTP; 11 Dec 2003 01:02:57 -0000 Message-ID: <3FD7C240.4030005@tenebras.com> Date: Wed, 10 Dec 2003 17:02:56 -0800 From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, zh-tw, zh-cn, fr, en, de-de MIME-Version: 1.0 To: Brett Glass References: <6.0.0.22.2.20031210115335.04c2fc50@localhost> <20031210093927.70c87960.amonk@gnutec.com> <6.0.0.22.2.20031210124332.04e94ac0@localhost> <16343.33321.632599.190251@oscar.buszard-welcher.com> <6.0.0.22.2.20031210173916.04f57be8@localhost> In-Reply-To: <6.0.0.22.2.20031210173916.04f57be8@localhost> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: Kyle Amon cc: security@freebsd.org Subject: Re: s/key authentication for Apache on FreeBSD? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 01:02:58 -0000 Brett Glass wrote: > The people in question have Palm Pilots. And, yes, in a pinch > slips of paper could be generated. The key thing is to be able > to get in from a public kiosk without the risk of compromised > passwords. The problem with S/key or OPIE authentication is that it is sadly subject to a MITM attack, and relies on blind trust in the server. The challenge is not a random challenge, it is unfortunately a sequence number and salt -- if I trick you into typing in the one-time password with a lower sequence number than the current one you are proper fucked. I can then generate all of the subsequent "one-time" passwords. If you have a half-authenticated SSL connection, and are conducting the exchange over it, then it should be fine.