[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug in S/key?

To: bugs_(_at_)_openbsd_(_dot_)_org
Subject: Bug in S/key?
From: DrumFire <dpphln_(_at_)_tin_(_dot_)_it>
Date: Tue, 13 Apr 2004 10:59:34 +0200

Hi,

skeyinit.c seems to be bugged, look this:

-bash-2.05b# skeyinit 
Reminder - Only use this method if you are directly connected
           or have an encrypted channel.  If you are using telnet,
           hit return now and use skeyinit -s.
[Adding root with md5]
Enter secret passphrase: 
Again secret passphrase: 

ID root skey is otp-md5 99 open40141
Next login password: GIG IVY THIN QUOD ULAN TIED

Here, skeyinit says that Next login password is
GIG IVY THIN QUOD ULAN TIED
but is false, in fact if I login in on my system:

-bash-2.05b# login
login: root:skey
otp-md5 98 open40141
S/Key Password: 

Next counter is 98 and not 99 so the password refers to counter
99 is not valid. In attach there's a patch that print out the real
Next password (refers to counter - 1).

Tell me if is correct or if I made some mistake.

[demime 0.98d removed an attachment of type application/octet-stream which had a name of skeyinit.patch]

Prev by Date: init
Next by Date: Re: S/Key bug?
Previous by thread: init
Next by thread: Re: S/Key bug?
Index(es):
- Date
- Thread

Visit your host, monkey.org