Turning off encryption
Ken Hornstein
kenh at cmf.nrl.navy.mil
Tue Jun 18 16:13:20 EDT 2002
>I am implementing one-time-passwords into Kerberos 1.2.5.
>More specifically I'm using hardware authenticaiton
>for the principal in question which must provide a
>one-time-password to the presented challenge.
>The get_sam_edata is done and provides the challenge.
Peter,
If you're willing to wait, I am going to be doing some serious
rototilling on the whole hardware preauthentication code and protocol.
But I think that most of us that use CRYPTOCards would prefer that the
response be used in a method that increases cryptographic entropy,
rather than just sending over the output of the card. Talk to me
off-line if you're interested in details.
--Ken
More information about the Kerberos
mailing list