From owner-freebsd-security Mon Aug 6 7:31:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
    by hub.freebsd.org (Postfix) with ESMTP id 959A437B403
    for ; Mon, 6 Aug 2001 07:31:14 -0700 (PDT)
    (envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
    by nagual.pp.ru (8.11.4/8.11.4) id f76EV2Y59543;
    Mon, 6 Aug 2001 18:31:03 +0400 (MSD)
    (envelope-from ache)
Date: Mon, 6 Aug 2001 18:30:59 +0400
From: "Andrey A. Chernov"
To: Bill Fenner
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Opie and protecting passphrases
Message-ID: <20010806183056.A59504@nagual.pp.ru>
References: <200108051858.LAA15976@windsor.research.att.com> <20010806001807.A47300@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010806001807.A47300@nagual.pp.ru>
User-Agent: Mutt/1.3.19i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

More thoughts from another thread:

Restricting opiepasswd _weakens_ security, because it forces the user to
ask the admin to change the password each time (e.g. when the OPIE
countdown goes to 0 or in case the secret phrase becomes accidentally
known). Any type of asking the admin (by phone, by email) produces a
reaction time lag; in that period an intruder can use the secret phrase
or the user doesn't have access. Asking by email additionally transmits
passwords over an insecure channel.

--
Andrey A. Chernov
http://ache.pp.ru/