OPIE considered insecure

Dag-Erling Smørgrav des at des.no
Mon Feb 9 03:25:29 PST 2009


Benjamin Lutz <mail at maxlor.com> writes:
> I was a bit shocked to find out that OPIE truncates all digests to 64 bits, 
> no matter which algorithm you use. Some quick research into the current 
> speed of MD5 brute-forcing produced this result:
> [...]
> So, is there an existing alternative one time password implementation that 
> works on FreeBSD? Also, as a suggestion to the security team, maybe it's 
> time to deprecate or remove OPIE?

Our current OPIE implementation is a piece of crap.  Feel free to
suggest (or write) a replacement.

That being said, there is no reason why OPIE challenges and responses
can't be extended to 128 bits or more.  The only downside is that users
won't be able to use existing key calculators; they'll have to use
pre-generated response sheets.

DES
-- 
Dag-Erling Smørgrav - des at des.no
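
An added example, not part of this message or of OPIE's source: a sketch of the one-time-password hash chain with MD5, assuming the RFC 2289 reduction (the two 8-byte halves of the digest XORed together) is what produces the 64-bit values discussed in the thread. The `width=16` mode, the pass phrase and the seed are constructed for illustration; the 128-bit mode is hypothetical and shows why a calculator that emits 64-bit responses would not verify against it.

```python
import hashlib
import hmac

def step(value: bytes, width: int = 8) -> bytes:
    """One chain step: MD5, then reduce the digest to `width` bytes.

    width=8  : RFC 2289 fold, XOR of the two 8-byte halves (assumed to be OPIE's).
    width=16 : keep the whole digest (hypothetical 128-bit extension).
    """
    digest = hashlib.md5(value).digest()
    if width == 16:
        return digest
    if width != 8:
        raise ValueError("width must be 8 or 16")
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def otp(passphrase: str, seed: str, count: int, width: int = 8) -> bytes:
    """Password number `count`: initial step over seed+passphrase, then `count` more."""
    value = step((seed.lower() + passphrase).encode("ascii"), width)
    for _ in range(count):
        value = step(value, width)
    return value

def server_verify(stored: bytes, response: bytes) -> bool:
    """The server stores password n; a valid response is password n-1,
    so hashing the response once more must reproduce the stored value."""
    return hmac.compare_digest(step(response, len(stored)), stored)

# Constructed sample credentials, not taken from the thread.
PASSPHRASE = "correct horse battery"
SEED = "fb1234"

def demo() -> dict:
    """Return {width_in_bytes: (response_bits, verifies)} for both modes."""
    results = {}
    for width in (8, 16):
        stored = otp(PASSPHRASE, SEED, 99, width)    # server-side state
        response = otp(PASSPHRASE, SEED, 98, width)  # what the user sends
        results[width] = (len(response) * 8, server_verify(stored, response))
    return results

if __name__ == "__main__":
    print(demo())
```

In the folded mode every value the server stores or receives is 64 bits, whatever the digest size of the underlying hash.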