Re: It's not possible to allow non-OPIE logins only from trusted
On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> wrote:
>- The objection on S/KEY on that wiki page, that it's possible to
>compute all previous passwords, is a bit odd, since past passwords won't
>be used anymore.
One weakness of S/KEY and OPIE is that if an attacker finds the
password (response) for sequence N then they can trivially determine
the response for any sequence > N. This could occur if (eg) you have
a printout of OPIE keys and are just crossing them off (which was a
common recommendation prior to smart phones etc) - an attacker just
needs to memorise the lowest N and response.
-- 
Peter Jeremy
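
The chain property described in the reply above, as an added example that is not part of the original message: a toy model of an S/KEY/OPIE-style hash chain showing that the response for one sequence number yields every higher-numbered response without the passphrase. The seed, passphrase and sequence numbers are constructed, and SHA-256 truncated to 64 bits is an assumed stand-in for the RFC 2289 hash-and-fold step.

```python
import hashlib

SEED, PASSPHRASE = "ex12345", "constructed sample passphrase"  # constructed values

def step(value: bytes) -> bytes:
    """One chain step. Assumption: SHA-256 cut to 64 bits, not the RFC 2289 fold."""
    return hashlib.sha256(value).digest()[:8]

def response(seed: str, passphrase: str, n: int) -> bytes:
    """Response for sequence n: n chain steps applied to the initial secret value."""
    value = step((seed + passphrase).encode())
    for _ in range(n):
        value = step(value)
    return value

def derive_higher(known: bytes, known_seq: int, target_seq: int) -> bytes:
    """Response for target_seq >= known_seq, computed without the passphrase."""
    if target_seq < known_seq:
        raise ValueError("a lower sequence would require inverting the hash")
    value = known
    for _ in range(target_seq - known_seq):
        value = step(value)
    return value

class Server:
    """Keeps only the last accepted response and its sequence number."""
    def __init__(self, stored: bytes, seq: int):
        self.stored, self.seq = stored, seq

    def login(self, candidate: bytes) -> bool:
        # The challenge is seq - 1; one step over a valid response gives the stored value.
        if self.seq <= 0 or step(candidate) != self.stored:
            return False
        self.stored, self.seq = candidate, self.seq - 1
        return True

if __name__ == "__main__":
    # Printout covers 90..99; entries 99..95 are crossed off, so the next challenge is 94.
    server = Server(response(SEED, PASSPHRASE, 95), 95)
    lowest = response(SEED, PASSPHRASE, 90)  # the single lowest line on the printout
    for seq in range(91, 95):
        match = derive_higher(lowest, 90, seq) == response(SEED, PASSPHRASE, seq)
        print(f"sequence {seq} derivable from line 90: {match}")
    print("derived response for 94 accepted:", server.login(derive_higher(lowest, 90, 94)))
```

For a printed list, the exposure is therefore set by its lowest-numbered line rather than by the line currently in use.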