From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 20 01:45:09 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9E7D916A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 20 Apr 2004 01:45:09 -0700 (PDT)
Received: from mail.lanwest.com.au (lanwest4-gw.highway1.com.au
	[203.23.222.13])	by mx1.FreeBSD.org (Postfix) with SMTP id 6DCE943D4C
	for <freebsd-questions@freebsd.org>;
	Tue, 20 Apr 2004 01:45:07 -0700 (PDT)
	(envelope-from ben@lanwest.com.au)
Received: from lanwest.com.au (eddie [192.168.0.101])
	by mail.lanwest.com.au (8.12.8/8.12.8) with ESMTP id i3K8gc4M030530;
	Tue, 20 Apr 2004 16:42:38 +0800
Message-ID: <4084E314.7030808@lanwest.com.au>
Date: Tue, 20 Apr 2004 16:45:08 +0800
From: Benjamin Meade <ben@lanwest.com.au>
Organization: LanWest Pty Ltd
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Marshall Pierce <mpierce@hmc.edu>
References: <FGECJDEHFNLFJMKMFJEOEENDDCAA.zen8061@zen.co.uk>
	<20040420071720.GC28812@happy-idiot-talk.infracaninophile.co.uk>
	<20040420072629.GD28812@happy-idiot-talk.infracaninophile.co.uk>
	<E9FBEBAA-92A0-11D8-B21F-000393192092@hmc.edu>
In-Reply-To: <E9FBEBAA-92A0-11D8-B21F-000393192092@hmc.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: Zen <zen8061@zen.co.uk>
cc: freebsd-questions@freebsd.org
Subject: Re: Checking New Password
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: ben@lanwest.com.au
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2004 08:45:09 -0000

Marshall Pierce wrote:

> These may be helpful:
> http://www.onlamp.com/pub/a/bsd/2003/10/30/FreeBSD_Basics.html
> http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html

If I may just raise a small caution flag with regard to the top 
article/application. The author states:

"...don't panic over the telnet word. The insecure telnet service isn't running 
on ..."

The major insecurities in telnet are still present using this method of 
generating passwords. Instead of a sniffer getting the actual password, they get 
a list of six. Note that this is only using the network version, not the client 
side system.

On the other hand, wrapping the communication with the server in ssl sounds like 
a very good solution for user passwords. You could even use a website in perl 
over https.

Hmmm....I know what I'll be doing for the next few hours. :)

-- 
Benjamin Meade
System Administrator
LanWest Pty Ltd
Ph:  +61 (8) 9440 3033
Fax: +61 (8) 9440 3370