Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: S/KEY holes
From: "Marcus J. Ranum" <mjr @ clark . net>
Organization: V-One Corporation, Baltimore, MD Office
Date: Sat, 21 Sep 1996 16:12:59 -0400 (EDT)
To: Firewalls @ GreatCircle . COM
In-reply-to: <199609192224 . PAA01175 @ miles . greatcircle . com> from "Firewalls-Digest" at Sep 19, 96 03:24:40 pm
Phone: 410-889-8569
Reply-to: mjr @ v-one . com

Warren Moore <warren . moore @ cbis . com> writes
>holes that had been found in S/KEY.  Can one of you point me to a source that 
>covers/explains these holes, or simply tell me yourself?

	S/key is vulnerable to authentication racing, in which you
try to log in faster than the victim, while sniffing their response.
There's a rough overview of it in my Internet attacks presentation,
at or around the end. Check:

http://www.clark/net/pub/mjr/pubs/attck

	It's easily enough fixed by making logging in an atomic
transaction so that a user can't be in the login process more than
once simultaneously -- which causes a potentially powerful denial
of service attack. The authentication racing attack works against
any authentication system that's not based on a challenge-response
or signature of a unique value.

mjr.
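
The fix described in the message above (at most one login in progress per user), as an added example that is not part of the original post. The `OneTimeLogin` class and its method names are hypothetical, SHA-256 stands in for the S/KEY hash, and the session timeout is an assumption added to bound the denial of service the post mentions.

```python
import hashlib, secrets, threading, time

def h(data: bytes) -> bytes:
    # SHA-256 stands in for the S/KEY hash; only the chain structure matters.
    return hashlib.sha256(data).digest()

def chain(seed: bytes, n: int) -> bytes:
    for _ in range(n):
        seed = h(seed)
    return seed

class LoginInProgress(Exception):
    """Raised when a second login for the same user is attempted."""

class OneTimeLogin:
    def __init__(self, timeout=30.0, clock=time.monotonic):
        self.stored = {}     # user -> last accepted chain value
        self.pending = {}    # user -> (session token, deadline)
        self.timeout, self.clock = timeout, clock
        self.mutex = threading.Lock()   # makes begin/finish atomic

    def enroll(self, user, seed, n):
        self.stored[user] = chain(seed, n)

    def begin(self, user):
        with self.mutex:
            entry = self.pending.get(user)
            if entry and entry[1] > self.clock():
                raise LoginInProgress(user)   # refuse the racing session
            token = secrets.token_hex(8)
            self.pending[user] = (token, self.clock() + self.timeout)
            return token

    def finish(self, user, token, response):
        with self.mutex:
            entry = self.pending.get(user)
            if not entry or entry[0] != token or entry[1] <= self.clock():
                return False
            del self.pending[user]            # one attempt per session
            if not secrets.compare_digest(h(response), self.stored[user]):
                return False
            self.stored[user] = response      # advance the chain
            return True
```

While a session is pending, every other `begin` for that user is refused until the timeout expires, which is the denial-of-service trade-off the post points out.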
