
Re: Backport of the integer overflow in the brk system call

On Thu, Dec 04, 2003 at 10:18:44AM +1100, Russell Coker wrote:
> > > What about RSA tokens? This solution does not require any special
> > > hardware to connect on the client side.
> > This also means it does not provide any additional security, besides the
> > costs.
> What makes you think that?

Well, I was talking about the "no special hardware" part. If you talk about
hardware token, yes you are right. As I said before, SecurID is most likely
the worst solution you can use in an open project. (I assumed you mean RSA soft tokens)

> the resulting number be returned to the server.  However ssh doesn't support 
> custom prompts from the server, so the best we could do is to take a code 
> from the device and append it to a password to send to the server.

I think there is ACE support in SSHd, working with a timed challenge.

OpenSSH with protocol 2 supports challenge response authentication like
opie/skey which can also be used for X9.9 DES cards I guess. At least my
FreeBSD router annoys me with such a server generated login challenge.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
