At 02:06 7/22/95, Alex de Joode wrote:
Jim Gillogly sez:
: Also you should be aware that cracking passwords is passe' these days:
: it's much easier to run an ethernet sniffer and gather them wholesale.
: Every little bit helps, though.
Is there a "challenge response" type of password/login available somewhere?
There is the S/Key system. The system sends you an iteration number and you send back the response that results (by feeding the iteration number into a program that runs on your computer). The other side then iterates what you send once to check against its computed PW. Every challenge counts the number down one step so replay does no good (since the actual PW for this attempt is what you sent as your response during the prior cycle and there is no way to crack the code even if you know a sequence of responses [you need to know the seed that will generate the PW the challenger is looking for when they do one iteration of the encoding]).
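
The countdown and single-iteration check described in the reply above, as an added example that is not part of the original post. It assumes SHA-256 as a stand-in one-way function (S/Key itself uses MD4 folded to 64 bits); the names `chain` and `Server` and the sample seed and passphrase are constructed for illustration.

```python
import hashlib
import hmac

def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply the one-way function n times to H(seed || secret)."""
    value = hashlib.sha256(seed + secret).digest()
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class Server:
    """Holds only the last accepted response, never the user's secret."""
    def __init__(self, seed: bytes, count: int, initial: bytes):
        self.seed, self.count, self.stored = seed, count, initial

    def challenge(self):
        # Iteration number (and seed) the client must answer for.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 0:
            return False  # chain used up; the user must re-initialise
        # Iterate the response once and compare with the stored value.
        candidate = hashlib.sha256(response).digest()
        if not hmac.compare_digest(candidate, self.stored):
            return False
        # Accepted: this response becomes the value to match next time.
        self.stored = response
        self.count -= 1
        return True

def demo():
    # Constructed sample values, not taken from any real system.
    secret, seed, n = b"constructed passphrase", b"ke1234", 5
    server = Server(seed, n, chain(secret, seed, n))
    results = []
    i, s = server.challenge()
    first = chain(secret, s, i)
    results.append(server.verify(first))   # fresh response is accepted
    results.append(server.verify(first))   # sniffed replay is rejected
    i, s = server.challenge()
    results.append(server.verify(chain(secret, s, i)))  # next login works
    return results, server.count

if __name__ == "__main__":
    print(demo())
```
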