On Sun, 13 Mar 2011 21:06:17 +0000 Miguel Lopes Santos Ramos <[email protected]> wrote:
> > Seg, 2011-03-14 às 07:40 +1100, Peter Jeremy escreveu: > > On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos > > <[email protected]> wrote: > > >- The objection on S/KEY on that wiki page, that it's possible to > > >compute all previous passwords, is a bit odd, since past passwords > > >won't be used anymore. > > > > One weakness of S/KEY and OPIE is that if an attacker finds the > > password (response) for sequence N then they can trivially determine > > the response for any sequence > N. This could occur if (eg) you > > have a printout of OPIE keys and are just crossing them off (which > > was a common recommendation prior to smart phones etc) - an > > attacker just needs to memorise the lowest N and response. > > Ok, admittedly, it took me a while to see in what way that could be a > weekness. It's a bit like hoping for a little remaining security after > the password list was compromised. It means they can compute keys that they already have on the printout plus obsolete keys. In what sense is that a weakness? IIRC there is/was a weakness in FreeBSD's OPIE implementation in that it's susceptible to rainbow table attacks - I think part of the hash is discarded. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
