Date: Sat, 19 Jan 2002 14:19:12 +0000 From: Mark Murray <mark@grondar.za> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opie pam_opie.c Message-ID: <200201191419.g0JEJDt21531@grimreaper.grondar.org> In-Reply-To: <20020119110253.GC7683@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru> "Sat, 19 Jan 2002 14:02:54 %2B0300." References: <20020119110253.GC7683@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > I object to this. The better way is to produce fake but (semi-) constant > > > challenge. > > > > It is impossible. > > > > 1) How do you plan to identify intruder to keep choosed semi-constance for > > him? > > > > I.e. those fake promts is typical fake security example which gains no > real security but problems. An attacker can now tell the difference between a real UID and one which does not exist. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201191419.g0JEJDt21531>