[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: big word listing



At 02:06 7/22/95, Alex de Joode wrote:
>Jim Gillogly sez:
>
>: Also you should be aware that cracking passwords is passe' these days:
>: it's much easier to run an ethernet sniffer and gather them wholesale.
>: Every little bit helps, though.
>
>Is there a "challenge response" type of password/login available
>somewhere ?


There is the S/Key system. The system sends you an iteration number and you
send back the responce that results (by feeding the iteration number into a
program that runs on your computer). The other side then iterates what you
send once to check against its computed PW. Every challenge counts the
number down one step so replay does no good (since the actual PW for the
this attempt is what you sent as your response during the prior cycle and
there is no way to crack the code even if you know a sequences of responses
[you need to know the seed that will generate the PW the challenger is
looking for when they do one iteration of the encoding]).