Date: Wed, 16 Mar 2011 08:35:37 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: RW <rwmaillists@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks Message-ID: <8662rjy0ty.fsf@ds4.des.no> In-Reply-To: <20110315132258.01b8e976@gumby.homeunix.com> (RW's message of "Tue, 15 Mar 2011 13:22:58 %2B0000") References: <1299682310.17149.24.camel@w500.local> <alpine.BSF.2.00.1103100147350.1891@qvfongpu.qngnvk.ybpny> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> <86ipvky8md.fsf@ds4.des.no> <20110315132258.01b8e976@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
RW <rwmaillists@googlemail.com> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > RW <rwmaillists@googlemail.com> writes: > > > IIRC there is/was a weakness in FreeBSD's OPIE implementation in > > > that it's susceptible to rainbow table attacks - I think part of > > > the hash is discarded. > > Can you provide more details? > http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005114.= html Heh :) My first comment was a reference to the quality of the code, not the design. My second comment is basically the same thing I just said - we cannot change this without breaking compatibility. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8662rjy0ty.fsf>