From login.conf(5):
Code:
localcipher string blowfish,6 The cipher to use for local
passwords. Possible values
are: ``old'',
``newsalt,<rounds>'', ``md5'',
and ``blowfish,<rounds>'' where
``old'' means classic 56-bit
DES. For ``newsalt'' the value
of rounds is a 24-bit integer
with a minimum of 7250 rounds.
For ``blowfish'' the value can
be between 4 and 31. It speci-
fies the base 2 logarithm of
the number of rounds.
The default installation /etc/login.conf file is set so that the default local cipher is "blowfish,6". The daemon class local cipher is set to "blowfish,8".
S/Key is a one-time-passphrase authentication system. For more information, see the man pages: skey(1), skeyinit(1), skeyinfo(1), skey(5), skeyaudit(1), skeyprune(1).
I have skey set up on
one of my servers for ssh access from public-access computers. The one-time-passwords are useful in situations where public key encryption cannot be used. (Keyboard capture applications will not be able to take advantage of one-time-passphrases, but they could certainly acquire other information of the user is not careful on such computers.)