1995-07-23 - Re: big word listing

Header Data

From: hal9001@panix.com (Robert A. Rosenberg)
To: Alex de Joode <usura@replay.com>
Message Hash: a827901835cc7ff90c44aec6c8aab072083f91a75e331ad91be395604230c846
Message ID: <v02130500ac378ce23a8b@[166.84.254.3]>
Reply To: N/A
UTC Datetime: 1995-07-23 05:54:18 UTC
Raw Date: Sat, 22 Jul 95 22:54:18 PDT

Raw message

From: hal9001@panix.com (Robert A. Rosenberg)
Date: Sat, 22 Jul 95 22:54:18 PDT
To: Alex de Joode <usura@replay.com>
Subject: Re: big word listing
Message-ID: <v02130500ac378ce23a8b@[166.84.254.3]>
MIME-Version: 1.0
Content-Type: text/plain


At 02:06 7/22/95, Alex de Joode wrote:
>Jim Gillogly sez:
>
>: Also you should be aware that cracking passwords is passe' these days:
>: it's much easier to run an ethernet sniffer and gather them wholesale.
>: Every little bit helps, though.
>
>Is there a "challenge response" type of password/login available
>somewhere ?


There is the S/Key system. The system sends you an iteration number and you
send back the responce that results (by feeding the iteration number into a
program that runs on your computer). The other side then iterates what you
send once to check against its computed PW. Every challenge counts the
number down one step so replay does no good (since the actual PW for the
this attempt is what you sent as your response during the prior cycle and
there is no way to crack the code even if you know a sequences of responses
[you need to know the seed that will generate the PW the challenger is
looking for when they do one iteration of the encoding]).







Thread