
Re: [PATCH] One time password

From: Derek Robert Price
Subject: Re: [PATCH] One time password
Date: Tue, 19 Aug 2003 15:00:27 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1


Mark D. Baushke wrote:
[ . . . ]

|That said, a new feature that ties prompting for a password solely to the
|keyboard seems undesirable to me.
|Given that even PGP allows the user to have the passphrase read from a
|socket, I suspect that some kind of non-tty input is desirable to make
|this feature as flexible as may be desired.
|For example, gpg has the option:
|       --passphrase-fd n
|                 Read the passphrase from file descriptor  n.  If
|                 you  use  0  for  n, the passphrase will be read
|                 from stdin.     This can only be  used  if  only
|                 one  passphrase  is  supplied.   Don't  use this
|                 option if you can avoid it.
|I would think that the NULL_PASSWORD mechanism might be able to do
|something similar. Of course, the password prompt would have to be
|to some place that could potentially be read externally, such as
|Having such a hook is not always needed, but having it might make this
|feature more useful. And the possibility of an administrator mandating
|no scrambled passwords be saved seems plausible if the transport for the
|passwords between the client and server could ever be encrypted with
|something like a simple Diffie-Hellman key exchange or as complex as a
|full TLS credential exchange to verify that the server is not a

[ . . . ]

|For my part, I think it might want another paragraph of documentation
|discussing why reading from either the /dev/tty or a named pipe or open
|file descriptor is not a good idea for this new feature.
|The documentation is also not 100% clear that the server is preparing a
|message for the client that is to be displayed as a part of the password

Brian, are you willing to address Mark's concerns?

|It would be well to know exactly how the new server protocol
|works and interoperates with older clients and servers so that when folks
|run into problems it will be more clear what is wrong.

An older client should report: `unrecognized auth response from
<hostname>: prompt-secret <actual-prompt>'.  From src/client.c:

    ...
    else if (strcmp (read_buf, "I LOVE YOU") == 0)
    {
        free (read_buf);
        break;
    }
    else
    {
        error (1, 0,
               "unrecognized auth response from %s: %s",
               root->hostname, read_buf);
    }
    free (read_buf);
    ...


--
                *8^)

Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
--
170. If you try to fail, and succeed, which have you done?
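The message above explains how an older client reacts to the new `prompt-secret` response: it has no branch for it, so it takes the "unrecognized auth response" error path. The following is an added illustration written for this archive page, not code from CVS or from Brian's patch. It classifies a pserver auth response line the way a patched client would, and shows which lines an unpatched client would still accept. The exact wire format `prompt-secret <prompt>` is assumed from the text of the message; "I HATE YOU" is the standard pserver rejection reply and is included for completeness. The `classify_auth_response`, `old_client_accepts` and `format_unrecognized` names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Possible outcomes when a client reads the server's auth response line. */
enum auth_result {
    AUTH_OK,            /* "I LOVE YOU": authentication succeeded */
    AUTH_REJECTED,      /* "I HATE YOU": authentication refused (standard pserver reply) */
    AUTH_PROMPT_SECRET, /* "prompt-secret <prompt>": format assumed from the message, not from the patch */
    AUTH_UNRECOGNIZED   /* anything else: the error branch quoted from src/client.c above */
};

#define PROMPT_SECRET_PREFIX "prompt-secret "

/* Classify one response line.  For prompt-secret, the server-supplied prompt
 * (everything after the prefix) is copied into prompt_out, truncated to
 * prompt_len-1 characters and always NUL-terminated. */
enum auth_result
classify_auth_response(const char *line, char *prompt_out, size_t prompt_len)
{
    size_t prefix_len = strlen(PROMPT_SECRET_PREFIX);

    if (prompt_len > 0)
        prompt_out[0] = '\0';

    if (strcmp(line, "I LOVE YOU") == 0)
        return AUTH_OK;
    if (strcmp(line, "I HATE YOU") == 0)
        return AUTH_REJECTED;
    if (strncmp(line, PROMPT_SECRET_PREFIX, prefix_len) == 0) {
        const char *prompt = line + prefix_len;
        if (prompt_len > 0) {
            strncpy(prompt_out, prompt, prompt_len - 1);
            prompt_out[prompt_len - 1] = '\0';
        }
        return AUTH_PROMPT_SECRET;
    }
    return AUTH_UNRECOGNIZED;
}

/* An unpatched client only breaks out of its read loop on "I LOVE YOU";
 * every other line, prompt-secret included, ends in an error() call.
 * Returns 1 if such a client would continue, 0 if it would abort. */
int
old_client_accepts(const char *line)
{
    return strcmp(line, "I LOVE YOU") == 0;
}

/* Build the exact diagnostic an older client prints, per the quoted source. */
int
format_unrecognized(const char *hostname, const char *line, char *out, size_t out_len)
{
    return snprintf(out, out_len,
                    "unrecognized auth response from %s: %s", hostname, line);
}

int
main(void)
{
    /* Constructed sample responses; not captured from a real server. */
    const char *responses[] = {
        "I LOVE YOU",
        "I HATE YOU",
        "prompt-secret Enter the code from your token:",
        "E stray line an old server would never send",
    };
    static const char *names[] = {
        "ok", "rejected", "prompt-secret", "unrecognized"
    };
    char prompt[128], msg[256];
    size_t i;

    for (i = 0; i < sizeof responses / sizeof responses[0]; i++) {
        enum auth_result r = classify_auth_response(responses[i], prompt, sizeof prompt);
        printf("%-50s patched client: %-13s", responses[i], names[r]);
        if (r == AUTH_PROMPT_SECRET)
            printf(" (prompt=\"%s\")", prompt);
        if (old_client_accepts(responses[i])) {
            printf("  old client: proceeds\n");
        } else {
            format_unrecognized("cvs.example.org", responses[i], msg, sizeof msg);
            printf("  old client: %s\n", msg);
        }
    }
    return 0;
}
```

Running it shows why Mark asks for interoperability documentation: the same `prompt-secret` line that a patched client turns into a displayed prompt makes an unpatched client exit with the quoted error, which is the symptom an administrator would need to recognize.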

