That's correct, we're paranoids.  You can run netkey to encrypt
the challenge and send then type that in.  For a Unix netkey
look at the plan9 /sys/src/cmd/unix/netkey directory.