[13567] in bugtraq


Re: S/Key & OPIE Database Vulnerability

daemon@ATHENA.MIT.EDU (Steve VanDevender)
Wed Jan 26 12:02:10 2000

Message-Id:  <14477.63890.52679.325267@hexadecimal.uoregon.edu>
Date:         Tue, 25 Jan 2000 11:29:22 -0800
Reply-To: Steve VanDevender <stevev@HEXADECIMAL.UOREGON.EDU>
From: Steve VanDevender <stevev@HEXADECIMAL.UOREGON.EDU>
X-To:         Mudge <mudge@l0pht.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.BSO.4.21.0001250857380.608-100000@0nus.l0pht.com>

Mudge writes:
 > Just as an FYI - MONkey, the S/Key cracker and a white paper talking about
 > the problems with having the skeykeys file readable was released by the
 > L0pht in May of 1996.
 >
 > The tool allows one to not only use the skeykeys file as entry to the
 > crypt and compare but also the network response due to too much server
 > side information being present.
 >
 > The tool and paper are still available
 > at: http://www.l0pht.com/advisories/skey_paper_and_tool

It doesn't surprise me that S/Key cracking software has existed for a
while, and I certainly did not mean to imply that S/Key is immune to
dictionary attacks on user secrets.

My point was that the skeykeys/opiekeys file does not contain any
information that has not already been exposed on the network, so making
those files unreadable is not truly hiding the information they contain;
at best it is only keeping attackers away from a convenient central
repository of previously exposed information.

There are also other ways to attack S/Key secrets.  Users of S/Key may
keep their secrets in a laptop or palmtop in easily readable form.  If
the user keeps the secret in his head, then it's possible to
"shoulder-surf" the secret as it's typed in.  Some users of S/Key may
also print out and carry lists of precomputed challenge responses if
they don't have a portable response calculator.  Users who are
particularly weak on S/Key concepts may actually use one remote system
to compute S/Key responses for another and expose their secret in the
process, or keep their S/Key secret on the same system that they use
S/Key authentication on.
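
The point made in the message above about the skeykeys/opiekeys file, as an added example that is not part of the original post: a simplified model of one S/Key login showing that the record left in the key file equals what crossed the network. It assumes MD5 folded to 64 bits in the style of RFC 2289; the `Server` class, user name, seed and passphrase are constructed for illustration.

```python
import hashlib

def fold_md5(data: bytes) -> bytes:
    """MD5, then XOR the two 8-byte halves into a 64-bit value."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def otp(secret: str, seed: str, seq: int) -> bytes:
    """One-time password number `seq` in the hash chain for (seed, secret)."""
    value = fold_md5(seed.lower().encode() + secret.encode())
    for _ in range(seq):
        value = fold_md5(value)
    return value

class Server:
    """Hypothetical stand-in for the skeykeys/opiekeys record of one user."""
    def __init__(self, user, seed, seq, last_otp):
        self.db = {user: {"seq": seq, "seed": seed, "otp": last_otp}}

    def challenge(self, user):
        rec = self.db[user]
        return rec["seq"] - 1, rec["seed"]      # sent in the clear

    def verify(self, user, response):
        rec = self.db[user]
        if fold_md5(response) != rec["otp"]:    # one hash step must match
            return False
        rec["seq"] -= 1                         # the response becomes the
        rec["otp"] = response                   # new stored value
        return True

def simulate_login():
    secret = "constructed example passphrase"   # never stored or sent
    server = Server("alice", "ke1234", 100, otp(secret, "ke1234", 100))
    seq, seed = server.challenge("alice")       # observable on the wire
    response = otp(secret, seed, seq)           # observable on the wire
    accepted = server.verify("alice", response)
    replay_accepted = server.verify("alice", response)
    rec = server.db["alice"]
    on_wire = (seq, seed, response.hex())
    in_file = (rec["seq"], rec["seed"], rec["otp"].hex())
    return accepted, replay_accepted, on_wire, in_file

if __name__ == "__main__":
    accepted, replay_accepted, on_wire, in_file = simulate_login()
    print("login accepted:", accepted, "| replay accepted:", replay_accepted)
    print("seen on wire :", on_wire)
    print("stored record:", in_file)
```

The stored record and the observed challenge/response are identical after the login, and the secret appears in neither, so what protects the account is the strength of the secret.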
