On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos <[email protected]> wrote: >- The objection on S/KEY on that wiki page, that it's possible to >compute all previous passwords, is a bit odd, since past passwords won't >be used anymore.
One weakness of S/KEY and OPIE is that if an attacker finds the password (response) for sequence N then they can trivially determine the response for any sequence > N. This could occur if (eg) you have a printout of OPIE keys and are just crossing them off (which was a common recommendation prior to smart phones etc) - an attacker just needs to memorise the lowest N and response. -- Peter Jeremy
pgpzftFfptj93.pgp
Description: PGP signature
