Tracy R Reed wrote: > Stewart Stremler wrote: >> What if you're off by one? > > Don't be off by one. :) Should be easy enough to avoid. Alternatively > you could have it accept any of the generated passwords in any order. > Not sure how badly that would hurt security though. If you had 10 valid > passwords at any one time that does theoretically decrease the keyspace > that you would probably have to search by 10 times but given that there > is a time delay on re-auth attempts and the keyspace is still huge this > may not really be a problem. So then the off by one problem is solved.
The docs say that the sequence number is part of the prompt http://www.cl.cam.ac.uk/~mgk25/otpw.html > >> Do failures increment the counter? > > I do not believe they should. Only succesful auths. > ..jim -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
