Date: Thu, 15 Apr 1999 11:20:22 +0200 From: Mark Murray <mark@grondar.za> To: Evil Dave <daver@kizmiaz.dis.org> Cc: freebsd-security@freebsd.org Subject: Re: OPIE Message-ID: <199904150920.LAA38947@greenpeace.grondar.za> In-Reply-To: Your message of " Wed, 14 Apr 1999 17:37:52 MST." <199904150037.RAA18416@kizmiaz.dis.org> References: <199904150037.RAA18416@kizmiaz.dis.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Evil Dave wrote: > the version of OPIE in /usr/src/contrib/opie is version 2.31. version 2.32 > was released well over a year ago. I'm told that to upgrade this (well, > to put the newer minor revision in place) i need some help from someone > with contrib access. any takers? I'm happy to help! > i have a pam opie lib built from the 2.31 tree and it works, but i'd like > to see the newer (again, over a year old) version put in place in case > someone ever decides to make a pam module out of the newer release. i'm sure > using 2.31 isnt all that bad, and it works well for me. SKey makes me nervous. I'd be happy to improve this (and add SHA as well). > i find it odd that s/key is supported so widely while OPIE seems ignored. > Bellcore gave up s/key and the naval research labs took it over. They had > to rename it so they decided on OPIE (one-time passwords in everything) and > implemented md5, which, if i'm not mistaken, was not in s/key at the time. i'm > not sure about s/key, did they ever implement md5? Not AFAIK. > OPIE is clearly newer and better. but i'm sure i'm reciting ancient and boring > history to most of you. the 2.31 version was released 3/20/1997. the 2.32 > version was released 1/1/1998. SKey defaults to MD4, which has key collision problems that allow an attacker with moderate computing power, some time and a few sample (snooped) keys a reasonable chance at getting a workable key. MD5 and SHA are much harder to attack in this way. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904150920.LAA38947>