Entry 16104 (Berkeley CSUA MOTD)

Berkeley CSUA MOTD:Entry 16104

WIKI \| FAQ \| Tech FAQ
`http://csua.com/feed/`

2025/05/25 [General] UID:1000 Activity:popular

5/25

1999/7/11-14 [Computer/SW/Security] UID:16104 Activity:low

7/10    Anyone know if someone has written an SKey generator for the
        Palm OS?  Would be handy to have the key generator handy...
        \_ http://astro.uchicago.edu/home/web/valdes/pilot/pilOTP
           i haven't tried it yet tell me if it works  --oj
                \_ YES, it works.  just logged in with it.  thanks!
                   no excuses to not use skey now...
                   \_ How about, "I don't have a Palm Pilot"?
        \_ Any source code out there for S/Key?
           \_ /usr/src/usr.bin/key/skey.c on soda  --dbushong

ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/05/25 [General] UID:1000 Activity:popular

5/25

You may also be interested in these entries...

2013/10/24-11/21 [Computer/Companies/Apple] UID:54747 Activity:nil

9/19    "No, A Severed Finger Will Not Be Able to Access a Stolen iPhone 5S"
        http://mashable.com/2013/09/15/severed-finger-iphone-5s
        I'm sure the Apple QA department has tested extensively that a severed
        finger will not be able to access a stolen iPhone 5S.
        \_ It doesn't matter whether or not a severed finger can be used.  It
           matters whether or not a robber thinks that a severed finger can be
	...

2013/6/6-7/31 [Politics/Foreign/Asia/China, Computer/SW/Security] UID:54690 Activity:nil

6/6     Wow, NSA rocks. Who would have thought they had access to major
        data exchangers? I have much more respect for government workers,
        crypto experts, mathematicans now than ever.
        \_ flea to Hong Kong --> best dim-sum in the world
           \_ "flee"
        \_ The dumb ones work for DMV, the smart ones for the NSA. If you
	...

2012/8/26-11/7 [Computer/SW/Security] UID:54465 Activity:nil

8/26    Poll: how many of you pub/priv key users: 1) use private keys that
        are not password protected 2) password protect your private keys
        but don't use ssh-agent 3) use ssh-agent:
        1) .
        2) ..
        3) ...
	...

2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil

8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...

2012/8/7-10/17 [Computer/SW/Security] UID:54455 Activity:nil

8/6     Amazon and Apple have lame security policies:
        http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all
        "First you call Amazon and tell them you are the account holder, and
         want to add a credit card number to the account. All you need is the
         name on the account, an associated e-mail address, and the billing
         address. "
	...

2012/7/13-8/19 [Computer/SW/Security, Computer/Companies/Yahoo] UID:54436 Activity:nil

7/13    Why would Yahoo store passwords unencrypted?  I recall that even 20+
        years ago the passwords stored in /etc/passwd on instructional
        machines here at Cal were one-way encrypted.  (I think those were
        Ultrix machines.)
        \_ Doesn't this say anything already?
           http://finance.yahoo.com/echarts?s=YHOO+Interactive#symbol=yhoo;range=5y
	...

2011/4/27-7/30 [Computer/SW/Security, Computer/SW/Unix] UID:54096 Activity:nil

4/28    Will wall be fixed?   - jsl
        \_ What's wall?
           \_ An anachronism from a bygone era, when computers were hard to
              comeby, the dorms didn't have net, there was no airbears, and
              when phones didn't come standard with twitter or sms.
           \_ A non useful implementation of twitter.
	...

2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil

5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...

2011/2/14-4/20 [Computer/SW/Unix] UID:54039 Activity:nil

2/14    You sure soda isn't running windows in disguise?  It would explain the
        uptimes.
        \_ hardly, My winbox stays up longer.
        \_ Nobody cares about uptime anymore brother, that's what web2.0 has
           taught us.  Everything is "stateless".
           \_ You;d think gamers would care more about uptime.
	...

Cache (3036 bytes)

astro.uchicago.edu/home/web/valdes/pilot/pilOTP -> astro.uchicago.edu/home/web/valdes/pilot/pilOTP/With pilOTP and your Pilot, you'll never again be caught logging into your computer remotely without having a OTP on hand. One-time passwords provide a secure way to log into networked systems over insecure networks. A problem with traditional password authentication systems where the same password is always used to access the system is that when one logs into the system over a network, the password can be observed by an eavesdropper on that network and subsequently reused to gain unauthorized access to the system. One-time passwords eliminate this problem by requiring a different password for authentication each time one logs into a system. The passwords used by a one-time password system are computed by combining a secret passphrase known only to the person wishing access to the system with a "challenge" string issued by the system and then passing this result repeatedly through a "hash" function. The output of this function is converted into 6 short English words, and these six words are then used as the OTP. Since the OTPs must be computed, this means that one needs some type of password generator on a local computer in order to calculate the appropriate OTP for accessing the remote system. In the absence of a local computer, the alternative in the past has been to carry a precomputed list of OTPs on a piece of paper. Now that small, portable computers like the Pilot are available, one can always have a computing device on hand, and with the help of pilOTP, one can now always have an OTP generator available ready to compute a password. Features * RFC 1938 compliant * MD4, MD5 and SHA-1 support * compatible with the S/KEY(tm) and OPIE OTP systems * supports passphrases up to 63 characters in length * optionally saves the last challenge used; Finally, HotSync your Pilot with your computer to load pilOTP into your Pilot. How to use pilOTP screenshot Use of pilOTP is straight-forward. All the fields can be cleared at once by tapping the Clear button. A standard Edit menu is available for copy/paste/clear editing of individual fields (except for the passphrase field, for which only paste and clear work). A Preferences dialog is available for controlling the various features of the program. Clear the field first (Select All and Clear (or backspace)) before using the keyboard. You will need to clear the form and re-enter the passphrase. This will fix the problems mentioned above and simplify the program a bit. As it is now, the uncompressed word list consumes 8K of memory, a precious commodity on the Pilot. With this, it will be possible for pilOTP to be "called" by another Pilot application (eg, a terminal emulator or email program) and return a computed OTP. The fields can only be scrolled now by dragging the stylus up or down in the field. Permission is given for free use and distribution of this program. Commercial distribution requires permission from the author. No warranty is made on this software, nor is the author liable for any damage resulting from the use of this software.