can you use SecurID with rancid?
Mark Boolootian
booloo at ucsc.edu
Tue May 10 03:23:01 UTC 2005
Hi Terry,

Thanks for the note. Was just showing your media system web page to
someone this afternoon.

> Also, depending on what underlying method is used (telnet, for example),
> regular RANCID sessions to a box would let an attacker build up a nice set
> of challenge/response pairs, which might make an attack easier. In the case
> of a single host, the attacker gets 24 known-good challenge/response pairs
> per day. If multiple boxes share the same algorithm / keys, the number of
> good pairs goes up very rapidly.

All good points, but where am I left if I want to protect my network
gear with OTPs and still run rancid? It seems they are mutually
incompatible. I can create a single instance of a reusable password to be
used for rancid logins, but that doesn't improve the situation.

> I'm not saying it isn't a good idea for your specific application, I'm
> just explaining why I never bothered to add CRYPTOCard support to it (we're
> a heavy user of these cards here).

So what do you do?

best,
mb
---
Mark Boolootian
UC Santa Cruz