Ostiary
Karl Chen
quarl at cs.berkeley.edu
Tue Aug 2 12:24:16 EDT 2005
As an authentication protocol, it looks vulnerable to a time
synchronization attack: an attacker that can desynchronize the server
and client's clocks predictably can block the client's authentication
and use it as his own. (Assuming the server's clock is monotonically
increasing, the command can only be used once.) If the command utilizes
the IP address (e.g. as a port knock), this is a security hole.
Karl
On Tue, 2005-08-02 at 17:56 +0530, Udhay Shankar N wrote:
> Sounds interesting. Has anybody used this, and are there any comments?
>
> Udhay
>
> http://ingles.homeunix.org/software/ost/
---------------------------------------------------------------------
The Cryptography Mailing List