From owner-freebsd-security Fri Jun 7 06:07:39 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id GAA13300 for security-outgoing; Fri, 7 Jun 1996 06:07:39 -0700 (PDT) Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA13295 for ; Fri, 7 Jun 1996 06:07:37 -0700 (PDT) Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with ESMTP id GAA28811; Fri, 7 Jun 1996 06:06:54 -0700 (PDT) Message-Id: <199606071306.GAA28811@precipice.shockwave.com> To: Garrett Wollman cc: Will Brown , freebsd-security@FreeBSD.org Subject: Re: MD5 Crack code In-reply-to: Your message of "Mon, 03 Jun 1996 19:44:35 EDT." <9606032344.AA30637@halloran-eldar.lcs.mit.edu> Date: Fri, 07 Jun 1996 06:06:52 -0700 From: Paul Traina Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk From: Garrett Wollman Subject: Re: MD5 Crack code < said: The IETF is developing a follow-on to S/Key called ``OTP''. I don't know what state it is in right now, but I would hope that they are specifying standard mechanisms to communicate this information over TELNET and FTP connections. Yes, it's still, IMO, kludgy (i.e. you have to look for the right strings, they're now just delimited with []'s as in [98 pr84849 required]) but the good news is they allow the use of SHA or MD5 in addition to the old MD4 in s/key. (nb: I dislike SHA for the same paranoid reasons I dislike 1-DES). I'd like opinions from folks about the switch to OTP. It's where we "should" be going, but there are a lot of utilities out there (such as Fetch for the Macintosh and our own tools) that finally understand and handle s/key properly, as well as windows/macos s/key calculators, and I really don't want to pull the rug out from under anyone. Unfortunately, because the mechanisms are so similar, but a "wee bit" different, it's really a choice of using one or the other unless someone wants to invest a LOT of work.