From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <025d01c40834$05b6e390$67844051@SOMA>
From: "boyd, rounin"
To: <9fans@cse.psu.edu>
References:
Subject: Re: [9fans] cryptographic signatures & factotum
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Date: Fri, 12 Mar 2004 14:14:55 +0100
Topicbox-Message-UUID: 2cd0be8c-eacd-11e9-9e20-41e7f4b1d025

> Yes, modulo my bugs in the security stuff. Our password algorithm is
> only DES. Brute force would eventually work. We should be moving to
> a new alg.

http://plan9.bell-labs.com/magic/man2html/4/factotum

    By default when factotum starts it looks for a secstore(1) account
    on $auth for the user and, if one exists, prompts for a secstore
    password in order to fetch the file factotum, which should contain
    control file commands. An example would be

        key dom=x.com proto=p9sk1 user=boyd !hex=26E522ADE2BBB2A229
        key proto=rsa service=ssh size=1024 ek=3B !dk=...

    where the first line sets a password for challenge/response
    authentication, strong against dictionary attack by being a long
    random string, and the second line sets a public/private keypair
    for ssh authentication, generated by ssh_genkey (see ssh(1)).
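
Added example, not part of the original message or of the Plan 9 sources: a small Python parser for the `key` lines quoted above that separates public attributes from secret ones (names starting with `!`) and redacts the secret values so a factotum file can be logged or reviewed safely. The function names, the `<redacted>` marker, the third sample line and the single-quote handling (Plan 9 style, `''` for a literal quote) are assumptions of this example.

```python
import re

# Constructed sample: the two key lines quoted in the message above, plus one
# made-up line with a quoted value to exercise the tokenizer.
SAMPLE = """\
key dom=x.com proto=p9sk1 user=boyd !hex=26E522ADE2BBB2A229
key proto=rsa service=ssh size=1024 ek=3B !dk=...
key dom=example.org proto=p9sk1 user=glenda !password='it''s a secret'
"""

TOKEN = re.compile(r"(?:[^\s']|'(?:[^']|'')*')+")
QUOTED = re.compile(r"'((?:[^']|'')*)'")

def tokenize(line):
    """Split on whitespace, honouring 'single quotes' with '' as a literal quote."""
    if line.count("'") % 2:
        raise ValueError("unterminated quote")
    return [QUOTED.sub(lambda m: m.group(1).replace("''", "'"), t)
            for t in TOKEN.findall(line)]

def parse_key(line):
    """Return (public, secret) attribute dicts for one 'key' line."""
    verb, *pairs = tokenize(line)
    if verb != "key":
        raise ValueError(f"not a key line: {verb!r}")
    public, secret = {}, {}
    for pair in pairs:
        name, _, value = pair.partition("=")
        # A leading '!' marks the attribute as secret (as in !hex and !dk above).
        (secret if name.startswith("!") else public)[name.lstrip("!")] = value
    return public, secret

def quote(value):
    """Re-quote a value if it is empty or contains whitespace or a quote."""
    if value == "" or re.search(r"[\s']", value):
        return "'" + value.replace("'", "''") + "'"
    return value

def redact(line):
    """Rebuild the line with every secret value replaced by a marker."""
    public, secret = parse_key(line)
    parts = [f"{k}={quote(v)}" for k, v in public.items()]
    parts += [f"!{k}=<redacted>" for k in secret]
    return "key " + " ".join(parts)

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(redact(line))
```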