Re: OpenSSH & S/Key information leakage

On Thu, 15 Nov 2001, Alan J Rosenthal wrote:

> A login prompt for a non-account looks like this:
> 
> 	login: flomp
> 	otp-md5 175 at2078 ext
> 	Response: 
> 
> So far, so good.  But press return once or twice to get "Login incorrect"
> (or make a new connection), and then do
> 
> 	login: flomp
> 	otp-md5 220 at0624 ext
> 	Response: 
> 
> Either the user just set a new passphrase in this one-second interval, or
> "flomp" does not exist.

Seed the PRNG generating this fake challenge with the given username and
nothing but the username (and perhaps some *static* secret data).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
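
Added example, not part of the original message and not OpenSSH's code: a sketch of the suggestion above, with the randomized fake challenge from the quoted report beside one derived only from the username and a static secret. The function names, the secret value, the use of HMAC-SHA256 as the keyed generator, and the sequence range 1..499 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Assumption: a per-host secret created once and readable only by the login
# service. The value below is constructed for this example.
STATIC_SECRET = b"constructed-example-host-secret"


def _format(seq, letters, digits):
    # Same shape as the prompts quoted above: "otp-md5 <seq> <seed> ext"
    return f"otp-md5 {seq} {letters}{digits:04d} ext"


def leaky_fake_challenge(username):
    """The reported behaviour: new random values on every attempt."""
    letters = "".join(secrets.choice(string.ascii_lowercase) for _ in range(2))
    return _format(1 + secrets.randbelow(499), letters, secrets.randbelow(10000))


def stable_fake_challenge(username, secret=STATIC_SECRET):
    """Fake challenge that depends only on the username and a static secret."""
    # HMAC stands in for "seed the PRNG": a keyed, deterministic byte stream
    # that cannot be predicted without the secret.
    d = hmac.new(secret, username.encode("utf-8"), hashlib.sha256).digest()
    seq = 1 + int.from_bytes(d[0:4], "big") % 499
    letters = "".join(string.ascii_lowercase[b % 26] for b in d[4:6])
    digits = int.from_bytes(d[6:10], "big") % 10000
    return _format(seq, letters, digits)


def changes_between_attempts(challenge_fn, username, attempts=5):
    """True if repeated prompts for one username differ (the leak)."""
    return len({challenge_fn(username) for _ in range(attempts)}) > 1


if __name__ == "__main__":
    for fn in (leaky_fake_challenge, stable_fake_challenge):
        print(fn.__name__, [fn("flomp") for _ in range(2)],
              "changes:", changes_between_attempts(fn, "flomp"))
```

The `changes_between_attempts` helper doubles as a regression check: run against the login path for a non-existent account, it should report no change between failed attempts.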

