wiretapping techniques

PAAAAAR%CALSTATE.BITNET at cunyvm.cuny.edu
Wed Jul 27 17:03:03 AEST 1988


Since there are so many ways of observing a logon sequence and then
duplicating it, a high security system needs to implement a changing
logon sequence so that what lets a valid user into the system today
does not allow entrance to a black hatted person the following day.

People have published two distinct variations on this theme.
First - for machine to machine security (including a smart card as a machine)
Second - for human to machine login sequences.

A relative of this is the "pass algorithm" (I don't at this time recall
who suggested it).  The system that logs in is given some information
and must respond to it in the correct way.

The second technique is based on storing a number of questions (say 10)
and 10 encrypted answers. On logging in the machine asks a collection
of randomly chosen questions and reads replies that are checked against
the encrypted dossier of information for the person who is
putatively logging in...


Someone else has proposed an intriguing variant.  This is the
    "Pass Algorithm"
The user (person or system logging in) has memorized an algorithm
which is applied to input provided by the system to which they are
attempting to gain access.  The input is generated randomly.

Has anyone implemented any of these variations on UNIX?
Dick Botting
PAAAAAR at CCS.CSUSCC.CALSTATE(doc-dick)
paaaaar at calstate.bitnet
PAAAAAR%CALSTATE.BITNET@{depends on the phase of the moon}.EDU
Dept Comp Sci., CSUSB, 5500 State Univ Pkway, San Bernardino CA 92407
Disclaimer: What with my brain, my fingers, this Mac, Red Ryder,
            the PDP and its software, NOS and the CSU CYBERS,
            plus transmission errors, your machine, terminal,
            eyes, and brain,.....
       I probably didn't think what you thought you just read any way!
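
The second technique described in the post above (a stored dossier of questions with protected answers, a random subset asked at each login), as an added example that is not part of the original post. It assumes salted PBKDF2 digests in place of the post's "encrypted answers"; the function names and the sample dossier are hypothetical.

```python
import hashlib, hmac, os, random

# Constructed sample dossier: 10 questions with distinct answers (illustrative only).
SAMPLE = {f"question {i}": f"answer-{i}" for i in range(10)}

def _digest(answer, salt):
    # Normalise case and surrounding whitespace, then stretch with PBKDF2.
    data = answer.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(answers):
    """Build the stored dossier: question -> (salt, digest). No plaintext is kept."""
    dossier = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        dossier[question] = (salt, _digest(answer, salt))
    return dossier

def challenge(dossier, k=3, rng=None):
    """Choose k distinct questions at random for this login attempt."""
    rng = rng or random.SystemRandom()
    return rng.sample(sorted(dossier), k)

def verify(dossier, questions, replies):
    """Accept only if every reply matches the digest stored for its question."""
    if len(questions) != len(replies):
        return False
    ok = True
    for question, reply in zip(questions, replies):
        salt, expected = dossier[question]
        # Constant-time compare; keep checking all replies even after a miss.
        ok &= hmac.compare_digest(_digest(reply, salt), expected)
    return ok

if __name__ == "__main__":
    dossier = enroll(SAMPLE)
    day1 = challenge(dossier)
    tapped = [SAMPLE[q] for q in day1]      # what a wiretap on day 1 records
    print("valid login:    ", verify(dossier, day1, tapped))
    day2 = challenge(dossier)               # fresh random questions
    # Fails unless day 2 happens to ask the same questions in the same order.
    print("replayed replies:", verify(dossier, day2, tapped))
```

With only 10 stored answers, an eavesdropper who records enough sessions eventually collects the whole dossier, so the pool size and the number of questions asked per login bound how long this resists replay.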



More information about the Comp.unix.questions mailing list