[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emergency! Need single use passwords!




| Hi all. We discovered that someone has been
| running a packet sniffer on our subnet of several
| dozen computers. He has all the passwords.
| This is my chance to try to get single use password
| login programs installed here. Please give me recomendations
| and ftp locations.

	S/Key is a very nice software only solution (no smart cards).
It has clients for Mac, PC, Unix, and supports paper lists as well.
Can be configured to only be invoked if the connection is from outside
your net.  ftp.win.tue.nl:/pub/security/logdaemon.tar.Z

	In quick reply to Derek's suggestion of Kerberos, I will point
out that Kerberos does not deal well with remote users. As far as I
know, you need a special connection mechanisim or your password will
travel in the clear to the boundary of your keberized network.  (There
is Kerberos support for S/key, there may be telnet programs.  There is
no paper list or palmtop support.)

Adam

	If you're interested, I can mail you the intro to S/Key sent
to our user community.  It covers S/key and PGP, since we have users
all over the globe.

-- 
"It is seldom that liberty of any kind is lost all at once."
						       -Hume