Date: Thu, 12 Jan 95 21:52:49 MET
From: wietse@wzv.win.tue.nl (Wietse Venema)
To: guido@gvr.win.tue.nl (Guido van Rooij)
Cc: mark@grondar.za, hackers@FreeBSD.org, wietse@gvr.win.tue.nl
Subject: Re: S/Key - What gives?
Message-ID: <199501122052.VAA20779@wzv.win.tue.nl>
In-Reply-To: <199501121925.UAA07509@gvr.win.tue.nl>; from "Guido van Rooij" at Jan 12, 95 8:25 pm

> > b) Joe Cracker comes along and wants to see if account "bloggs" exists:
> > But the absence of the s/key bit already told him he's barking up the
> > wrong tree. Maybe a random number should be thrown in as a confuser?

Well, the bogus challenge should be constant for at least an hour or so.
In the s/key mailing list I proposed to seed the algorithm with the
inode ctime of '/'. That information is stable enough, and should not
be accessible to Joe Cracker.

	Wietse
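
The idea in the message above, sketched as an added example that is not part of the original e-mail or of any S/Key implementation: unknown account names get a bogus challenge derived from the name and a host-local value (the inode ctime of '/'), so repeated probes of the same name always see the same answer. The `s/key <seq> <seed>` layout, the sample key database, the function names and the use of HMAC-SHA-256 are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Constructed sample key database: user -> (sequence number, seed).
SKEY_DB = {"alice": (87, "wz40213")}


def host_secret(path="/"):
    """Host-local seed material proposed in the message: inode ctime of '/'."""
    return str(os.stat(path).st_ctime_ns).encode()


def bogus_challenge(user, secret):
    """Derive a stable (sequence, seed) pair for a name with no S/Key entry.

    Keyed on the host secret, so the same name gives the same answer on
    every probe, and the values cannot be recomputed without the secret.
    """
    mac = hmac.new(secret, user.encode(), hashlib.sha256).digest()
    seq = 1 + int.from_bytes(mac[0:2], "big") % 99            # 1..99
    letters = "".join(chr(ord("a") + b % 26) for b in mac[2:4])
    digits = int.from_bytes(mac[4:8], "big") % 100000
    return seq, f"{letters}{digits:05d}"


def challenge_for(user, secret, db=SKEY_DB):
    """Return a challenge line in one format for real and unknown users."""
    seq, seed = db[user] if user in db else bogus_challenge(user, secret)
    return f"s/key {seq} {seed}"


if __name__ == "__main__":
    secret = host_secret()
    for name in ("alice", "bloggs", "bloggs", "nobody"):
        print(f"{name:8s} -> {challenge_for(name, secret)}")
```

Because the directory's ctime changes whenever its inode is modified, for example when an entry is created or removed in '/', the bogus challenges change at that point too.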