[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bug in S/key?
- To: bugs_(_at_)_openbsd_(_dot_)_org
- Subject: Bug in S/key?
- From: DrumFire <dpphln_(_at_)_tin_(_dot_)_it>
- Date: Tue, 13 Apr 2004 10:59:34 +0200
skeyinit.c seems to be bugged, look this:
Reminder - Only use this method if you are directly connected
or have an encrypted channel. If you are using telnet,
hit return now and use skeyinit -s.
[Adding root with md5]
Enter secret passphrase:
Again secret passphrase:
ID root skey is otp-md5 99 open40141
Next login password: GIG IVY THIN QUOD ULAN TIED
Here, skeyinit says that Next login password is
GIG IVY THIN QUOD ULAN TIED
but is false, in fact if I login in on my system:
otp-md5 98 open40141
Next counter is 98 and not 99 so the password refers to counter
99 is not valid. In attach there's a patch that print out the real
Next password (refers to counter - 1).
Tell me if is correct or if I made some mistake.
[demime 0.98d removed an attachment of type application/octet-stream which had a name of skeyinit.patch]