Linux-Hams archive - August 1998: Re: Password Security

Re: Password Security

Brian Hassick (tyk.rxionm@ac-creteil.fr)
Mon, 10 Aug 1998 11:50:19 -0400


Sean,
John,

Why not use a one-time password scheme like Skey? It isn't the best,
but it will do the job. Problem is, you have to be able to run the skey
calculator somewhere to generate the passwords, or you can print out a
list and scratch one off the list every time you use one. The other
good thing about Skey is it is free.

However, some folks at a prominent hacker organization, L0pht, did point
out some weaknesses to this system:

http://www.l0pht.com/advisories/skey_paper_and_tool

Perform a search on "one time password" in altavista to obtain a large
amount of data regarding S-key and other OTP systems. I believe this
has also been previously discussed on this forum.

Here is the one time password charter group developing RFC's to
put forth standards in OTP usage, perfect for you software types
to run with!

http://www.ietf.cnri.reston.va.us/html.charters/otp-charter.html

Here is a list of OTP schemes both free and commercial:

http://tethys.st.ryukoku.ac.jp/~kjm/security/otp/otp-supported-list.html

Hope this helps.

Brian

Sean Bowers wrote:
>
> John,
>
> If this were a normal ethernet circuit (or thinnet, etc) I would just set
> up sshd and turn off telnet. Unfortunately I don't know how the FCC would
> like a bunch of encrypted ham packet traffic. I don't think it's possible
> to selectively control what part (ie login, email) you want encrypted...
> it's all or nothing. Unless someone knows more certainly on the issue of
> encryption we may have to take the risk that a cracker will filter ham
> packet traffic with his scanner and telnet to your gateway system to cause
> havoc. Interesting dilemma, and I think the answer is no encryption. 73
>
> Cheers,
> Sean
> KF4PTH
>
> ---
> drbqz.qwxjpq@duo-county.com
> Computer Programmer/Analyst
> Publication and Printing Services
> University of Southern Mississippi
>
> On Sun, 9 Aug 1998, John J. Bauerly wrote:
>
> > Hello All;
> >
> > As I get closer to activating the gate to the internet, an issue of
> > security has arisen. What does it take for server and client in AX25
> > on-the-air packet to maintain password security? I do not want to broadcast
> > the password access to the entire world!
> >
> > John J. Bauerly NW0I
> > aeqsfaxm@kanagawa-u.ac.jp
> >
> > PS. TNX Bob for slattach!
> >
> >

-- 
Brian Hassick
BBN Technologies
617-873-5435
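
The following is an added example, not part of the original message or of the S/Key distribution: a sketch of the hash-chain principle behind S/Key-style one-time passwords, showing why a password overheard on a cleartext link cannot be replayed. SHA-256 stands in for the hash, and the pass phrase, seed and all function and class names are constructed for illustration; this is not the S/Key wire format.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 as a stand-in one-way function (not the real S/Key hash).
    return hashlib.sha256(data).digest()

def otp(secret: bytes, seed: bytes, n: int) -> bytes:
    """The 'calculator': hash seed+secret n times. Run it offline, or print a list."""
    value = seed + secret
    for _ in range(n):
        value = h(value)
    return value

class Server:
    """Holds only the last accepted password and its sequence number, never the secret."""
    def __init__(self, seed: bytes, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        # Sent in the clear: the seed and which entry of the list is expected next.
        return self.seed, self.count - 1

    def verify(self, response: bytes) -> bool:
        if self.count <= 1:
            return False  # chain used up; the user must re-initialise with a new seed
        if not hmac.compare_digest(h(response), self.last):
            return False  # hashing the response once must give the stored value
        self.last, self.count = response, self.count - 1
        return True

def demo():
    secret, seed = b"constructed pass phrase", b"gw12345"  # constructed sample values
    server = Server(seed, 100, otp(secret, seed, 100))
    _, n = server.challenge()
    overheard = otp(secret, seed, n)     # this value crosses the link in the clear
    first = server.verify(overheard)     # legitimate login
    replay = server.verify(overheard)    # eavesdropper re-sends the same value
    _, n2 = server.challenge()
    second = server.verify(otp(secret, seed, n2))  # next entry on the list
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```

The listener learns entry n but would have to invert the hash to obtain entry n-1, which is the only value the server will accept next.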