How it works:
F: hash function
skey: secret word
Pi: password 1-10
F(skey) = P0
F(P0) = P1
F(P1) = P2
F(P2) = P3
F(P3) = P4
F(P4) = P5
F(P5) = P6
F(P6) = P7
F(P7) = P8
F(P8) = P9
F(P9) = P10
S/Key is supported on *NIX systems and handles authentication for some protocols (telnet, ftp, ssh, ...).
The server stores the last password generated (P10). When the user tries to access the server, it asks for password P9; if F(P9) = P10, the server grants access, stores P9, and on the next access it will ask for P8.
If an attacker intercepted P9, it would no longer be valid. If they wanted to obtain P8 from P9, they would have a big problem (finding the inverse function G(P9)->P8), since the passwords are generated using one-way hash functions (F(P8)->P9).
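The verification loop described above, as an added Python example that is not part of the original post. It is a simplified model: SHA-256 stands in for F and the chain has 10 links, whereas real S/Key (otp-md5) also mixes in a seed, folds the hash to 64 bits and prints it as six words. The names build_chain, Server and demo are hypothetical.

```python
import hashlib
import hmac

def F(data: bytes) -> bytes:
    # One-way function F; SHA-256 is this sketch's assumption, not S/Key's choice.
    return hashlib.sha256(data).digest()

def build_chain(skey: bytes, n: int) -> list:
    # [P0, ..., Pn] with P0 = F(skey) and Pi = F(P(i-1)), as in the listing above.
    chain = [F(skey)]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain

class Server:
    # Holds only the last accepted value, never skey or earlier chain elements.
    def __init__(self, top: bytes, n: int):
        self.stored = top          # Pn
        self.next_index = n - 1    # index requested at the next login

    def login(self, candidate: bytes) -> bool:
        if self.next_index < 0:
            # Chain used up: stored is P0, so skey itself would now verify.
            # Refuse and require re-initialisation with a new secret.
            return False
        if not hmac.compare_digest(F(candidate), self.stored):
            return False
        self.stored = candidate    # the accepted Pi is the next reference value
        self.next_index -= 1
        return True

def demo() -> dict:
    p = build_chain(b"constructed passphrase", 10)   # constructed sample secret
    srv = Server(p[10], 10)
    result = {"P9": srv.login(p[9])}           # F(P9) == P10: accepted
    result["replayed P9"] = srv.login(p[9])    # F(P9) != P9: sniffed value is dead
    result["skipped to P7"] = srv.login(p[7])  # F(P7) == P8, but server holds P9
    result["P8"] = srv.login(p[8])             # F(P8) == P9: accepted
    for i in range(7, -1, -1):                 # use up P7..P0
        srv.login(p[i])
    result["skey after P0"] = srv.login(b"constructed passphrase")
    result["asks_next"] = srv.next_index
    return result

if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

The last check covers the edge case the chain notation hides: once P0 has been accepted, the stored value equals F(skey), so the server has to stop accepting logins until the chain is re-initialised.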
Practice:
local#ssh root@192.168.1.12
root@192.168.1.12's password:
Last login: Sat Oct 4 23:00:28 2008
OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
remoto#skeyinit -E
remoto#skeyinit
Reminder - Only use this method if you are directly connected or have an encrypted channel. If you are using telnet, hit return now and use skeyinit -s.
[Adding root with md5]
Enter new secret passphrase:
Again secret passphrase:
ID root skey is otp-md5 100 open65334
Next login password: YAM LOWE GIBE HOWL LION MAST
remoto#otp-md5 -n 100 `skeyinfo`
Reminder - Do not use this program while logged in via telnet.
Enter secret passphrase:
0: ORGY COST EDGY TINT DEAR BLUM
1: RASH HELL LEAD NEIL HARM ADEN
2: GAG PER EMMA BAND USES GET
3: SAW BALE WAY KNEW RULE CLUE
4: GRAD BOWL ALGA TONY BUSS NOW
5: AVOW HALL VIE MUD YEAR COY
6: YAP DIAL WEAL DUD PER HAAS
7: VASE HESS ULAN DORA YAWL EYED
8: GASH SIP KISS WHY HEAL TACT
9: KONG MARE SHIM CAGE BACK RULE
10: WU BUCK LAME RUDY OLAF COCK
11: SOFA DRUG LAVA HAY BAIL STAB
12: GIRL VICE KEY AWE AT RENT
13: DAY OSLO TUFT MA MANY EASY
14: MILE RAM DINE HOYT THUG PAD
15: NIP DEFY DATA LINK FILE TAKE
16: HAND WEIR HOOK LIED PEA LIAR
17: RYE WAGE HAYS SELL TIE HOP
18: GULF TONG AT DRAW MINE CADY
19: CHEW FANG LYLE SUDS EASY MIT
20: WARM HASH BERT SALK WEE DEBT
21: EST MAW LUCK EVEN WEST GARB
22: ROOF ARTY DOSE GLOW GLIB TOOT
23: TELL ROE SELF NOLL GARB CASK
24: MEAL MILD FIST TEAM COOT ROAR
25: HECK DIET AID SON HIS RUDE
26: VISE EVIL FEE TIDY BURT SIRE
27: MOTH FERN OTT SURE WELD REID
28: MICE LYNN GANG HOLT ROSA LOOK
29: HO TUNA DESK LIP GUSH SOAR
30: KEG LIN DIRT TEEM COMA SAIL
31: EVA ANNA APT IQ TUBE WART
32: AHOY SOWN RISK GAP DARK BADE
33: LINK HAL CELL SHE LAVA MUST
34: GIFT MAE SOD SLIM HAIR HESS
35: KATE NIT TAB SOCK GLOW CLUE
36: GO PEN EARL TIP WICK SORT
37: TIER IFFY ARCH YES YEAR WOK
38: WIRE WISH THEY LOSE NAN ROBE
39: MOD GARY EARL TONG PIN OW
40: BASH GINA JURY ONES DAR GIFT
41: SLUG LIFE FIT AMRA BROW AIDE
42: HEBE LYON VOID MORE KNEW FROM
43: ONLY TUN AT BUFF BETA HORN
44: EDDY ABE UP THAN ANNA JAR
45: SARA GEL DOWN KARL DIME BOG
46: BAWL KITE BOSE OILY LION TALL
47: BOYD ALAN TOOT MEAN NICE FAD
48: SOWN ELM AJAR TUFT WEAL ANTE
49: SELF FIRM GAP NEWS FULL HESS
50: TOOK JUNE BOB ROLL ABLE BIEN
51: ROSA DIN GLUE MISS TEET VEAL
52: DOG FLUB SIFT LARD ACME BABY
53: JIM TOUT GOT ROVE SEEK USES
54: ONLY PUP PEW ALTO LIMB GIVE
55: BEAU HUT SEA HOC CUT SUD
56: NOV WRY JOHN AMY PHI NODE
57: GIST DINE DAB AHEM COIL OVER
58: KNOB CAP YOU CUTS NAIL SIP
59: PET WED DAM JIM STIR SCAR
60: AUK RAT HONK SUN GENE AVON
61: REAM ROAR VEND LIP DID EGG
62: LIT DUG WAIT GALA WEAK NON
63: JOVE JAM LOG DIAL LAWN LILT
64: BARE CHUB CON LIAR STOW FOUL
65: TREK ROOM NEWS HAN SKIT LAWS
66: BARE TUSK JOAN TESS BARE DEN
67: JUNE YAM LUND PHI ARC DUST
68: BASE WIFE GLUE OTTO MALE SIR
69: SOAK FANG ELY FOR PI ROUT
70: TUCK FIRM BONA HOB TOIL SUB
71: CERN TIED SAG SLID MAYO SOW
72: DUNK TOE JAVA GOOD JOVE HERB
73: HOC DUCT MAE MOE BEAK BOSS
74: SHE SILT MURK UP GAB WEEK
75: BELA POP HOLT BET LORD BARN
76: CALF SWAB DAWN FOAM GUY GWEN
77: DIP BAT ONCE TREK GLEN MACE
78: VEIL FUSE VETO SUB CHAD EMIT
79: TWIN PET CALF GREY KEG HIVE
80: IO TINA KNOT JAM KNOT FUME
81: LIEU JURY JUT KONG GAFF GLAD
82: CAW CLAD TONE DIRT PRO ELSE
83: KIRK LIST CODA NEWS LOSS STAN
84: GREG TESS QUIT LOW SLAY HIKE
85: FLEA GRAD GOWN WAGE KANT FEED
86: KALE DEFY NOT OLGA GIBE CURD
87: HUG ACTS YALE PAY RACY JULY
88: VISE HUG MOD BAG LUCY CLOD
89: EMIL IF ALGA FIB FAIL MUCK
90: BETH LIN KARL AFAR FOOT WEAK
91: NO RON ULAN MIRE RIDE NOEL
92: DEAL SHAG DAVY OLGA AIDA MAP
93: DELL FIRM COKE HEAT BEY KEEN
94: CHAD PAM DUMB FAR ANTI COOL
95: LULU VIEW BUCK DULL GLOM BOP
96: BUOY SAY SICK JOEY ANTE COCA
97: MORN FLIT FAKE LOOT HULK ECHO
98: NOUN KEEL HAVE CITY YELL RIME
99: ROBE DIVE MOST LAVA MIRE BONN
remoto#exit
local#ssh -l root:skey 192.168.1.12
otp-md5 99 open65334
S/Key Password:ROBE DIVE MOST LAVA MIRE BONN
Last login: Sat Oct 4 23:02:03 2008 from 192.168.1.2
OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
remoto#