Mudge writes:
 > Just as an FYI - MONkey, the S/Key cracker and a white paper talking about
 > the problems with having the skeykeys file readable was released by the
 > L0pht in May of 1996.
 >
 > The tool allows one to not only use the skeykeys file as entry to the
 > crypt and compare but also the network response due to too much server
 > side information being present.
 >
 > The tool and paper are still available
 > at: http://www.l0pht.com/advisories/skey_paper_and_tool

It doesn't surprise me that S/Key cracking software has existed for a
while, and I certainly did not mean to imply that S/Key is immune to
dictionary attacks on user secrets.

My point was that the skeykeys/opiekeys file does not contain any
information that has not already been exposed on the network, so making
those files unreadable is not truly hiding the information they contain;
at best it is only keeping attackers away from a convenient central
repository of previously exposed information.

There are also other ways to attack S/Key secrets.  Users of S/Key may
keep their secrets in a laptop or palmtop in easily readable form.  If
the user keeps the secret in his head, then it's possible to
"shoulder-surf" the secret as it's typed in.  Some users of S/Key may
also print out and carry lists of precomputed challenge responses if
they don't have a portable response calculator.  Users who are
particularly weak on S/Key concepts may actually use one remote system
to compute S/Key responses for another and expose their secret in the
process, or keep their S/Key secret on the same system that they use
S/Key authentication on.

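The point about the keys file holding only previously exposed information can be seen by walking through one login. This is an added example, not part of the original message or of any S/Key/OPIE code base; it assumes the MD5 variant of the one-time-password scheme from RFC 2289 (the original S/Key uses MD4), and the `Server` class, its field names and `login_and_compare` are hypothetical stand-ins for one keys-file entry. The pass phrase and seed are constructed sample values.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """One hash step: MD5, then XOR the two 64-bit halves into 8 bytes."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(passphrase: str, seed: str, count: int) -> bytes:
    """Client side: the one-time password for sequence number `count`."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(count):
        value = fold_md5(value)
    return value

class Server:
    """Hypothetical in-memory stand-in for a single keys-file entry."""
    def __init__(self, seed: str, count: int, last_otp: bytes):
        self.entry = {"seq": count, "seed": seed, "otp": last_otp}

    def challenge(self):
        # Sent in the clear: the sequence number and seed the client must use.
        return self.entry["seq"] - 1, self.entry["seed"]

    def verify(self, response: bytes) -> bool:
        # Hashing the response once more must reproduce the stored value.
        if fold_md5(response) != self.entry["otp"]:
            return False
        # The entry is overwritten with exactly what just crossed the network.
        self.entry["seq"] -= 1
        self.entry["otp"] = response
        return True

def login_and_compare(passphrase="This is a test.", seed="TeSt", start=100):
    """Run one login; return (accepted, values seen on the wire, stored entry)."""
    server = Server(seed, start, otp(passphrase, seed, start))
    wire = {}
    wire["seq"], wire["seed"] = server.challenge()
    wire["otp"] = otp(passphrase, wire["seed"], wire["seq"])
    accepted = server.verify(wire["otp"])
    return accepted, wire, server.entry

if __name__ == "__main__":
    accepted, wire, entry = login_and_compare()
    print("accepted:", accepted, "| entry equals wire capture:", wire == entry)
```

After a successful login the stored entry and the values observed on the network are identical, so file permissions on the keys file protect nothing that a network observer has not already seen.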