> For the uninitiated, with S/Key your password changes upon
> every login, and no cleartext passwords are stored on the
> system. Any snooping of passwords is ineffective, because the
> password becomes redundant after successfull use (the next
> password is generated by an iterative pass through a one-way
> hash). The (minimal) downside is that you need to use client
> software to "pregenerate" the passwords you use for subsequent
> logins. These passwords are composed of six words, each being
> 1 to 4 letters in length. It is possible to generate say your
> next 100 passwords, print them out and carry them around in
> your wallet though.
Ahhh... I see. This is the "put the box in a locked room with no external
access and no users who can log in" solution. Well, not quite, but close.
Any password system which makes itself inconvient to users discourages
use of that system. A system without users is pointless. If the future of
computers is inconvient system, then I think we are heading in the wrong
direction.
-----------------------------------------------
Scott Hopwood shopwood@nospam.socs.uts.edu.au
'A monkey throws,
A spinning bone,
A silent spaceship'