[3436] in bugtraq

Re: InterNIC Shenanigans (crypt-pw)

daemon@ATHENA.MIT.EDU (Steve Reid)
Sat Oct 12 16:05:59 1996

Date: 	Sat, 12 Oct 1996 01:33:48 -0700
Reply-To: Steve Reid <steve@edmweb.com>
From: Steve Reid <steve@edmweb.com>
X-To:         "Igor Chudov @ home" <ichudov@ALGEBRA.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199610120047.TAA05574@manifold.algebra.com>

> PGP auth scheme also seems vulnerable to replay attacks.

I would guess that they're only trying to defend against simple forgeries,
such as faked email addresses. Forged mail can be done by any luser with a
copy of Eudora. Replay attacks require root access on a properly placed
host (in which case you probably have more to worry about than altered DNS
info).

OTOH, if they just want to protect against simple forgeries, the use of
PGP and even crypt(3) is overkill. A simple plaintext password would
suffice.

*shrug*
