It's not possible to allow non-OPIE logins only from trusted
networks
Dag-Erling Smørgrav
des at des.no
Tue Mar 15 10:35:12 UTC 2011
RW <rwmaillists at googlemail.com> writes:
> IIRC there is/was a weakness in FreeBSD's OPIE implementation in that
> it's susceptible to rainbow table attacks - I think part of the hash
> is discarded.
Can you provide more details?
AFAIK, OPIE was written to be 100% compatible with S/Key, so any
weakness in OPIE is a design flaw in S/Key which cannot be corrected.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list