Date: Tue, 15 Mar 2011 11:35:06 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: RW <rwmaillists@googlemail.com> Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks Message-ID: <86ipvky8md.fsf@ds4.des.no> In-Reply-To: <20110313220552.5b79de13@gumby.homeunix.com> (RW's message of "Sun, 13 Mar 2011 22:05:52 %2B0000") References: <1299682310.17149.24.camel@w500.local> <alpine.BSF.2.00.1103100147350.1891@qvfongpu.qngnvk.ybpny> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
RW <rwmaillists@googlemail.com> writes: > IIRC there is/was a weakness in FreeBSD's OPIE implementation in that > it's susceptible to rainbow table attacks - I think part of the hash > is discarded. Can you provide more details? AFAIK, OPIE was written to be 100% compatible with S/Key, so any weakness in OPIE is a design flaw in S/Key which cannot be corrected. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ipvky8md.fsf>