[ On Thursday, January 27, 2000 at 16:23:58 (-0500), der Mouse wrote: ] > Subject: Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability) > > It's always seemed to me that s/key's biggest problem is that it's > *not* a true one-time password scheme: the passwords are > algorithmically related. Indeed, I believe it's no coincidence that > all the attacks against s/key (that I've heard of) are based on just > this weakness. It's very much like the difference between a > conventional stream cipher and a one-time pad, actually. In fact I've seen several sites where due to configuration (and implementation?) errors this algorithmic relationship resulted in the exact same sequence of challenge/response pairs being used on all hosts for any given account (because the same secret password was used on all hosts). Simple network sniffing or shoulder-surfing would have enabled a watchful cracker to win in very short order by simply watching the N'th login on one host and then simply finding another host where the N'th login is next replaying the phrase. Auditing to ensure that all successfull logins are accounted for is of course critical with any "one-time password" scheme. Unfortunately people will still use shared accounts (eg. root!) making such auditing very difficult and almost never done. I personally will never use s/key again. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoodsat_private> <robohack!woods> Planix, Inc. <woodsat_private>; Secrets of the Weird <woodsat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:20 PDT