Date: Thu, 12 Jan 1995 23:10:12 +0200 From: Mark Murray <mark@grondar.za> To: wietse@wzv.win.tue.nl (Wietse Venema) Cc: guido@gvr.win.tue.nl (Guido van Rooij), hackers@FreeBSD.org, wietse@gvr.win.tue.nl Subject: Re: S/Key - What gives? Message-ID: <199501122110.XAA08060@grunt.grondar.za>
next in thread | raw e-mail | index | archive | help
> Well, the bogus challenge should be constant for at least an hour or > so. I the s/key mailing list I proposed to seed the algorithm with the > inode ctime of '/'. That information is stable enough, and should not > be accessible to Joe Cracker. Why don't you _really_ confuse the bugger; use the name he is trying, modified by sonthing to do with the machine he is trying? ie coming in on grondar.za with name bloggs, ergo random number derived from rondar+bloggs, or some similar scheme? This number will never change... -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199501122110.XAA08060>