Re: Backport of the integer overflow in the brk system call
On Thu, Dec 04, 2003 at 10:18:44AM +1100, Russell Coker wrote:
> > > What about RSA tokens? This solution does not require any special
> > > hardware to connect on the client side.
> > This also means it does not provide any additional security, besides the
> > costs.
> What makes you think that?
Well, I was talking about the "no special hardware" part. If you talk about
hardware token, yes you are right. As I said before, secureid is most likely
the worst solution you can use in an open project. (I asumed you mean RSA soft tokens)
> the resulting number be returned to the server. However ssh doesn't support
> custom prompts from the server, so the best we could do is to take a code
> from the device and append it to a password to send to the server.
I think there is ACE support in SSHd, working with a timed challenge.
OpenSSh with protocol 2 supports challenge response authentication like
opie/skey which can also be used for X9.9 DES cards I guess. At least my
FreeBSD router annoys me with such a server generated login challenge.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: