Bugtraq mailing list archives
Future of s/key (Re: S/Key & OPIE Database Vulnerability)
From: dfrasnel () ALPHALINUX ORG (Frasnelli, Dan)
Date: Wed, 26 Jan 2000 21:59:35 -0800
Ultimately I wonder how much of a future S/Key has now that SSH and similar utilities are widely deployed and provide much more sophisticated protections, especially session encryption.
Discussing how one could displace the other is not logical - ssh and s/key address two distinct security challenges. ssh by itself provides advanced confidentiality and basic authentication; s/key by itself provides advanced authentication and no confidentiality. Suggesting ssh may replace s/key is like saying "telnet might replace /bin/login". The future of s/key is probably what it always has been: an otp supplement to the basic Un*x password authentication, regardless of what the access method (ssh, rsh, serial terminal) is. Some sites I have worked with implement both: - enforced rsa authentication for remote access via ssh - s/key authentication for privileged account access. No security technology or procedure is ultimately secure; it's just a matter of time before l0pht cracks it. Regards, -- Dan Frasnelli Security analyst
Current thread:
- Re: S/Key & OPIE Database Vulnerability, (continued)
- Re: S/Key & OPIE Database Vulnerability David Maxwell (Jan 23)
- S/Key & OPIE Database Vulnerability Steve VanDevender (Jan 23)
- Re: S/Key & OPIE Database Vulnerability Evil Pete (Jan 24)
- Re: S/Key & OPIE Database Vulnerability Mudge (Jan 25)
- Re: S/Key & OPIE Database Vulnerability Steve VanDevender (Jan 25)
- Re: S/Key & OPIE Database Vulnerability Mudge (Jan 25)
- Stream.c needs more clarification Vanja Hrustic (Jan 25)
- Re: S/Key & OPIE Database Vulnerability Steve VanDevender (Jan 25)
- Re: S/Key & OPIE Database Vulnerability Mudge (Jan 25)
- Re: S/Key & OPIE Database Vulnerability Steve VanDevender (Jan 26)
- Future of s/key (Re: S/Key & OPIE Database Vulnerability) Frasnelli, Dan (Jan 26)
- Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 27)
- Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 27)
- Re: S/Key & OPIE Database Vulnerability Jordan Ritter (Jan 28)
- "Strip Script Tags" in FW-1 can be circumvented Arne Vidstrom (Jan 29)
- Re: S/Key & OPIE Database Vulnerability Brandon Palmer (Jan 27)
- Re: S/Key & OPIE Database Vulnerability Eivind Eklund (Jan 28)
- Multicast from hell John Watkins (Jan 27)
- Cobalt RaQ2 - a user of mine changed my admin password.. Chuck Pitre - Technical Support (Jan 27)
- Re: Cobalt RaQ2 - and QUBE2 Nir Simionovich (Rin Solo) (Jan 29)
- Tempfile vulnerabilities foo (Jan 30)