It's not possible to allow non-OPIE logins only from trusted
networks
Dag-Erling Smørgrav
des at des.no
Wed Mar 16 07:35:38 UTC 2011
RW <rwmaillists at googlemail.com> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > RW <rwmaillists at googlemail.com> writes:
> > > IIRC there is/was a weakness in FreeBSD's OPIE implementation in
> > > that it's susceptible to rainbow table attacks - I think part of
> > > the hash is discarded.
> > Can you provide more details?
> http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005114.html
Heh :)
My first comment was a reference to the quality of the code, not the
design. My second comment is basically the same thing I just said - we
cannot change this without breaking compatibility.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list