View Single Post
  #2   (View Single Post)  
Old 2nd June 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
Join Date: May 2008
Location: USA
Posts: 6,423

From login.conf(5):
localcipher       string     blowfish,6   The cipher to use for local
                                               passwords.  Possible values
                                               are: ``old'',
                                               ``newsalt,<rounds>'', ``md5'',
                                               and ``blowfish,<rounds>'' where
                                               ``old'' means classic 56-bit
                                               DES.  For ``newsalt'' the value
                                               of rounds is a 24-bit integer
                                               with a minimum of 7250 rounds.
                                               For ``blowfish'' the value can
                                               be between 4 and 31.  It speci-
                                               fies the base 2 logarithm of
                                               the number of rounds.
The default installation /etc/login.conf file is set so that the default local cipher is "blowfish,6". The daemon class local cipher is set to "blowfish,8".

S/Key is a one-time-passphrase authentication system. For more information, see the man pages: skey(1), skeyinit(1), skeyinfo(1), skey(5), skeyaudit(1), skeyprune(1).

I have skey set up on one of my servers for ssh access from public-access computers. The one-time-passwords are useful in situations where public key encryption cannot be used. (Keyboard capture applications will not be able to take advantage of one-time-passphrases, but they could certainly acquire other information of the user is not careful on such computers.)
Reply With Quote