Date: Fri, 07 Jun 1996 06:06:52 -0700 From: Paul Traina <pst@shockwave.com> To: Garrett Wollman <wollman@lcs.mit.edu> Cc: Will Brown <ewb@zns.net>, freebsd-security@FreeBSD.org Subject: Re: MD5 Crack code Message-ID: <199606071306.GAA28811@precipice.shockwave.com> In-Reply-To: Your message of "Mon, 03 Jun 1996 19:44:35 EDT." <9606032344.AA30637@halloran-eldar.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
From: Garrett Wollman <wollman@lcs.mit.edu> Subject: Re: MD5 Crack code <<On Mon, 3 Jun 1996 18:45:36 -0400 (EDT), Will Brown <ewb@zns.net> said: The IETF is developing a follow-on to S/Key called ``OTP''. I don't know what state it is in right now, but I would hope that they are specifying standard mechanisms to communicate this information over TELNET and FTP connections. Yes, it's still, IMO, kludgy (i.e. you have to look for the right strings, they're now just delimited with []'s as in [98 pr84849 required]) but the good news is they allow the use of SHA or MD5 in addition to the old MD4 in s/key. (nb: I dislike SHA for the same paranoid reasons I dislike 1-DES). I'd like opinions from folks about the switch to OTP. It's where we "should" be going, but there are a lot of utilities out there (such as Fetch for the Macintosh and our own tools) that finally understand and handle s/key properly, as well as windows/macos s/key calculators, and I really don't want to pull the rug out from under anyone. Unfortunately, because the mechanisms are so similar, but a "wee bit" different, it's really a choice of using one or the other unless someone wants to invest a LOT of work.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606071306.GAA28811>