Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability)

[woods () MOST WEIRD COM (Greg A. Woods)]

[ On Thursday, January 27, 2000 at 16:23:58 (-0500), der Mouse wrote: ]
> Subject: Re: Future of s/key (Re: S/Key & OPIE Database Vulnerability)
>
> It's always seemed to me that s/key's biggest problem is that it's
> *not* a true one-time password scheme: the passwords are
> algorithmically related.  Indeed, I believe it's no coincidence that
> all the attacks against s/key (that I've heard of) are based on just
> this weakness.  It's very much like the difference between a
> conventional stream cipher and a one-time pad, actually.

In fact I've seen several sites where due to configuration (and
implementation?) errors this algorithmic relationship resulted in the
exact same sequence of challenge/response pairs being used on all hosts
for any given account (because the same secret password was used on all
hosts).  Simple network sniffing or shoulder-surfing would have enabled
a watchful cracker to win in very short order by simply watching the
N'th login on one host and then simply finding another host where the
N'th login is next replaying the phrase.

Auditing to ensure that all successfull logins are accounted for is of
course critical with any "one-time password" scheme.  Unfortunately
people will still use shared accounts (eg. root!) making such auditing
very difficult and almost never done.

I personally will never use s/key again.

--
                                                        Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods () acm org>      <robohack!woods>
Planix, Inc. <woods () planix com>; Secrets of the Weird <woods () weird com>