Re: ssh and skey
On Thu, May 17, 2007 at 02:14:55PM -0500, Eric Johnson wrote: Obviously, a fake skey challenge would need to be saved so that if the attacker tried again, he would see the same challenge. Instead of saving the challenge, just regenerate it each time. E.g., hash a 128-bit secret with the username, and then format this as an skey challenge.
Re: ssh and skey
On Thu, May 17, 2007 at 02:47:37PM -0500, Matthew R. Dempsky wrote: Instead of saving the challenge, just regenerate it each time. E.g., hash a 128-bit secret with the username, and then format this as an skey challenge. Oops, nevermind, libskey already does this in skey_fakeprompt.