Bugtraq mailing list archives

Re: InterNIC Shenanigans (crypt-pw)

From: steve () edmweb com (Steve Reid)
Date: Sat, 12 Oct 1996 01:33:48 -0700

PGP auth scheme also seems vulnerable to replay attacks.


I would guess that they're only trying to defend against simple forgeries,
such as faked email addresses. Forged mail can be done by any luser with a
copy of Eudora. Replay attacks require root access on a properly placed
host (in which case you probably have more to worry about than altered DNS
info).

OTOH, if they just want to protect against simple forgeries, the use of
PGP and even crypt(3) is overkill. A simple plaintext password would
suffice.

*shrug*

Current thread:

Re: antizap2., (continued)
- Re: antizap2. Wolfgang Ley (Oct 09)
- novell utility BlackHeart (Oct 09)
  - Re: novell utility Bruce M. (Oct 09)
  - Re: novell utility Doctor Who (Oct 10)
  - Sun Security Bulletin #136 Mark Graff (Oct 10)
  - SECURITY HOLE IN AUTHENTICATION FORWARDING Charles M. Hannum (Oct 10)
    - Re: SECURITY HOLE IN AUTHENTICATION FORWARDING Tatu Ylonen (Oct 13)
  - InterNIC Shenanigans (crypt-pw) Sean B. Hamor (Oct 11)
    - Re: InterNIC Shenanigans (crypt-pw) Yiorgos Adamopoulos (Oct 11)
    - Re: InterNIC Shenanigans (crypt-pw) Igor Chudov @ home (Oct 11)
    - Re: InterNIC Shenanigans (crypt-pw) Steve Reid (Oct 12)
    - Re: InterNIC Shenanigans (crypt-pw) Rogue Agent (Oct 12)
  - Excellent host SYN-attack fix for BSD hosts Avi Freedman (Oct 11)
    - Re: Excellent host SYN-attack fix for BSD hosts Ollivier Robert (Oct 15)
    - Re: Excellent host SYN-attack fix for BSD hosts Casper Dik (Oct 16)
    - Re: Excellent host SYN-attack fix for BSD hosts David Schwartz (Oct 16)
  - Exploit for 1.2.X (maybe some 1.3.X) kernels Marin Purgar - PMC (Oct 11)