Bugtraq mailing list archives

Re: S/Key & OPIE Database Vulnerability

From: dugsong () MONKEY ORG (Dug Song)
Date: Wed, 26 Jan 2000 21:18:34 -0500


On Tue, 25 Jan 2000, Mudge wrote:

MONkey, the S/Key cracker and a white paper talking about the problems
with having the skeykeys file readable was released by the L0pht in
May of 1996.


i wrote an S/Key module for Solar Designer's excellent John the Ripper
cracker tonight, since the MONkey cracker is getting to be a bit dated
(cool name, though :-)

        http://www.monkey.org/~dugsong/john-1.6.skey.patch-1

-d.

---
http://www.monkey.org/~dugsong/

Current thread:

Re: S/Key & OPIE Database Vulnerability, (continued)
- - - Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 28)
    - Multicast from hell John Watkins (Jan 27)
    - Cobalt RaQ2 - a user of mine changed my admin password.. Chuck Pitre - Technical Support (Jan 27)
    - Re: Cobalt RaQ2 - and QUBE2 Nir Simionovich (Rin Solo) (Jan 29)
    - Tempfile vulnerabilities foo (Jan 30)
    - [FreeBSD Security Advisory: FreeBSD-SA-00:02.procfs] Patrick Oonk (Jan 28)
    - Re: Multicast from hell Omachonu Ogali (Jan 28)
    - FTPPro has weird features - Fwd: Important matter for your abuse department Cedric Amand (Jan 28)
    - New SCO patches... Aaron Sigel (Jan 27)
    - Qpopper security bug Zhodiac (Jan 26)
    - Re: S/Key & OPIE Database Vulnerability Dug Song (Jan 26)
    - Microsoft Security Bulletin (MS00-006) Microsoft Product Security (Jan 26)
    - Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Mnemonix (Jan 26)
    - Re: Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126) Fredrik Widlund (Jan 30)
    - Re: explanation and code for stream.c issues Nathan Ollerenshaw (Jan 21)