Bugtraq mailing list archives
Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability)
From: woods () MOST WEIRD COM (Greg A. Woods)
Date: Sun, 30 Jan 2000 00:09:57 -0500
[ On Thursday, January 27, 2000 at 16:23:58 (-0500), der Mouse wrote: ]
Subject: Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability) It's always seemed to me that s/key's biggest problem is that it's *not* a true one-time password scheme: the passwords are algorithmically related. Indeed, I believe it's no coincidence that all the attacks against s/key (that I've heard of) are based on just this weakness. It's very much like the difference between a conventional stream cipher and a one-time pad, actually.
In fact I've seen several sites where due to configuration (and implementation?) errors this algorithmic relationship resulted in the exact same sequence of challenge/response pairs being used on all hosts for any given account (because the same secret password was used on all hosts). Simple network sniffing or shoulder-surfing would have enabled a watchful cracker to win in very short order by simply watching the N'th login on one host and then simply finding another host where the N'th login is next replaying the phrase. Auditing to ensure that all successfull logins are accounted for is of course critical with any "one-time password" scheme. Unfortunately people will still use shared accounts (eg. root!) making such auditing very difficult and almost never done. I personally will never use s/key again. -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods () acm org> <robohack!woods> Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>
Current thread:
- Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability) der Mouse (Jan 27)
- rzsz emails usage stats without user consent Kris Kennaway (Jan 29)
- Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability) Greg A. Woods (Jan 29)
- RedHat 6.1 /and others/ PAM Michal Zalewski (Jan 30)
- Disable Parent Paths Robert Zachary (Jan 31)