Bugtraq mailing list archives
Re: S/Key & OPIE Database Vulnerability
From: eivind () YES NO (Eivind Eklund)
Date: Fri, 28 Jan 2000 12:23:10 +0100
On Thu, Jan 27, 2000 at 09:40:35AM -0500, Brandon Palmer wrote:
> > Ultimately I wonder how much of a future S/Key has now that SSH and similar utilities are widely deployed and provide much more sophisticated protections, especially session encryption.
>
> I think there is definitely still a need. There are many cases in which I am not on a machine that has ssh (i.e. some public telnet shell). Though the session is not encrypted, my password is still safe. Until ssh-java shells are common, s/key still has its place.
This indicates a rather common misconception. SSH-Java shells should NOT make a public terminal trusted for your password; the TERMINAL is insecure, and is rather likely to be running a keystroke logger. SSH only makes the connection from the box it runs on to the box at the other end secure.

Eivind.