[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OPIE and S/Key authentication

Stanislav Maslovski <stanislav.maslovski@gmail.com> writes:

> What do you say, can MD5-based OPIE system be still considered secure?
> In the repository there are opie-server and opie-client.

> Do I understand right that the strength of this system is the strength of
> one step of MD5? Are there any alternatives where a different hashing
> function can be choosen (if that is advisable)?

The weakness in MD5 is not yet of the type that is likely to compromise
OPIE systems, IMO.  The attacker still has to have quite a lot of control
over what's being compared.  Of course, changing to a better hash
algorithm is still a good idea.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: