begin quoting Tracy R Reed as of Tue, Apr 04, 2006 at 06:22:53PM -0700:
> Stewart Stremler wrote:
> > What if you're off by one?
>
> Don't be off by one. :) Should be easy enough to avoid.

Yeah, the challenge-response can do that. :)

> Alternatively you could have it accept any of the generated passwords
> in any order. Not sure how badly that would hurt security though.

I suspect more than we'd suspect, but that's also paranoia speaking. :)

> If you had 10 valid passwords at any one time that does theoretically
> decrease the keyspace that you would probably have to search by 10 times
> but given that there is a time delay on re-auth attempts and the keyspace
> is still huge this may not really be a problem. So then the off by one
> problem is solved.

Prompting is easier. :)

> > Do failures increment the counter?
>
> I do not believe they should. Only successful auths.

...avoid the easy DOS attack.
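The scheme discussed in this message, as an added example that is not part of the original post: a verifier that accepts any unused password from a window of 10, in any order, and changes state only on a successful auth. It assumes the passwords are generated with HOTP (RFC 4226), which the thread does not specify; `AnyOrderVerifier` and `guess_odds` are hypothetical names, and the re-auth time delay is not modelled.

```python
import hashlib
import hmac
import struct
from fractions import Fraction


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the password for one counter value (assumed generator)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AnyOrderVerifier:
    """Accepts any unused password among the next `window` counters."""

    def __init__(self, secret: bytes, window: int = 10, digits: int = 6):
        self.secret, self.window, self.digits = secret, window, digits
        self.base = 0        # lowest counter whose password is still unused
        self.used = set()    # counters >= base that were already accepted

    def verify(self, candidate: str) -> bool:
        hit = None
        # Check every slot (no early exit) with a constant-time comparison.
        for c in range(self.base, self.base + self.window):
            expected = hotp(self.secret, c, self.digits).encode()
            ok = hmac.compare_digest(expected, candidate.encode())
            if ok and c not in self.used and hit is None:
                hit = c
        if hit is None:
            return False     # failure: no state change, so guesses burn nothing
        self.used.add(hit)   # success: this password cannot be replayed
        while self.base in self.used:   # slide the window past used slots
            self.used.remove(self.base)
            self.base += 1
        return True

    def guess_odds(self) -> Fraction:
        """Upper bound on one random guess hitting a currently valid password."""
        live = self.window - len(self.used)
        return Fraction(live, 10 ** self.digits)
```

With a window of 10 and 6-digit passwords, a single guess succeeds with probability at most 10 in 10^6, which is the tenfold keyspace reduction the quoted text describes.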
