Bug 33133

Summary: keyinit outputs wrong next login password
Product: Base System
Reporter: Tim J. Robbins <tim>
Component: bin
Assignee: Volker Werth <vwe>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-STABLE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description Tim J. Robbins 2001-12-24 01:00:00 UTC
Bug is same as OpenBSD PR number 2050 (reported 4 months ago, still not fixed).
http://cvs.openbsd.org/cgi-bin/wwwgnats.pl/full/2050

How-To-Repeat: 
Setting up skey on an account for the first time, keyinit from 4.4-STABLE:

$ keyinit
Adding tim:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: 
Again secret password: 

ID tim s/key is 99 ra54494
RAP PAT WOLF HILL MIST SILO

Telnet'ing in:

FreeBSD/i386 (raven.robbins.dropbear.id.au) (ttyp3)

login: tim
s/key 98 ra54494
Password: RAP PAT WOLF HILL MIST SILO
Login incorrect
login:

Setting up skey on an account for the first time, patched keyinit:

$ keyinit.new
Adding tim:
Reminder - Only use this method if you are directly connected.
If you are using telnet or rlogin exit with no password and use keyinit -s.
Enter secret password: 
Again secret password: 

ID tim s/key is 99 ra54671
TILL MITT GUS RON LONE TUG

FreeBSD/i386 (raven.robbins.dropbear.id.au) (ttyp3)

login: tim
s/key 99 ra54671
Password: TILL MITT GUS RON LONE TUG
Last login: Mon Dec 24 11:42:22 from localhost
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
        The Regents of the University of California.  All rights reserved.

FreeBSD 4.4-STABLE (RAVEN) #1: Thu Dec 20 19:34:48 EST 2001


You have new mail.
$


Why has nobody noticed this flaw before?
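
A minimal model of the exchange in the first transcript, added here as an illustration and not taken from the PR or its attached patch. It assumes the standard S/Key scheme (RFC 1760), where the server stores the password for sequence n and challenges for n-1, and it uses truncated SHA-256 as a stand-in for S/Key's folded MD4; the function and class names are hypothetical.

```python
import hashlib


def f(x: bytes) -> bytes:
    # Stand-in one-way step; real S/Key folds an MD4 digest to 64 bits.
    return hashlib.sha256(x).digest()[:8]


def otp(secret: str, seed: str, n: int) -> bytes:
    """One-time password for sequence number n: f applied n times to S."""
    x = f((seed + secret).encode())  # preparatory step S
    for _ in range(n):
        x = f(x)
    return x


class Server:
    """Hypothetical verifier holding one (sequence, password) entry."""

    def __init__(self, seed: str, n: int, stored: bytes):
        self.seed, self.n, self.stored = seed, n, stored

    def challenge(self) -> int:
        return self.n - 1  # the user must answer for the *previous* link

    def login(self, response: bytes) -> bool:
        if f(response) != self.stored:
            return False
        # Accepted: the response becomes the new stored value.
        self.n, self.stored = self.n - 1, response
        return True


def demo() -> dict:
    secret, seed = "constructed secret", "ra54494"  # secret is constructed
    printed = otp(secret, seed, 99)  # value shown beside "99" at init
    server = Server(seed, 99, printed)
    seq = server.challenge()
    good = otp(secret, seed, seq)
    return {
        "challenge": seq,
        "printed_accepted": server.login(printed),
        "correct_accepted": server.login(good),
        "replay_accepted": server.login(good),
        "next_challenge": server.challenge(),
    }


if __name__ == "__main__":
    print(demo())
```

In this model the value displayed for sequence 99 is the stored verifier itself, so it fails at challenge 98, while the password computed for 98 is accepted once and rejected on replay.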
Comment 1 Sheldon Hearn 2002-01-08 16:11:36 UTC
On Mon, 07 Jan 2002 15:39:01 +1100, "Tim J. Robbins" wrote:

> Can someone please check this PR out?
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/33133

Patch seems reasonable.

> Am I the first one who has tried to log in with the password (s)keyinit
> gives me? It looks pretty obviously broken to me. And yes, I am aware
> that skey is no longer in -current.

Perhaps.  Most folks I know who use skey seriously tend to run off a
whole bunch of passwords at once to hard copy using key(1), so they
just plug in the password they're prompted for, not the one printed by
keyinit(1).

Ciao,
Sheldon.
Comment 2 Sheldon Hearn 2002-01-08 16:25:22 UTC
On Tue, 08 Jan 2002 18:11:36 +0200, Sheldon Hearn wrote:

> > Can someone please check this PR out?
> > 
> > http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/33133
> 
> Patch seems reasonable.

Just tested it and it doesn't work on my RELENG_4 box.  Although I'm now
prompted for sequence ID 0099 instead of 0098, the password isn't
accepted.  This is with both OpenSSH ChallengeResponseAuthentication and
login(1).

Ciao,
Sheldon.
Comment 3 Tim J. Robbins 2002-01-09 06:12:49 UTC
> Just tested it and it doesn't work on my RELENG_4 box.  Although I'm now
> prompted for sequence ID 0099 instead of 0098, the password isn't
> accepted.  This is with both OpenSSH ChallengeResponseAuthentication and
> login(1).

I'm not sure what's going on then. I'm using RELENG_4 from less than a
week ago, and I can still reproduce the problem, and the patch still
fixes the problem. Perhaps it's not a general solution to the problem.
I'm not really worried that keyinit has this small problem, I just noticed
it and thought it might be easy to fix. Obviously not :)


Tim
Comment 4 Tim Robbins freebsd_committer freebsd_triage 2002-06-30 09:19:52 UTC
State Changed
From-To: open->suspended

It would appear that nobody is willing to fix this bug.
Comment 5 Volker Werth freebsd_committer freebsd_triage 2008-05-24 16:26:19 UTC
State Changed
From-To: suspended->closed


We don't have keyinit since 5.x days anymore - closing this.
Please note: the issue also hasn't been fixed according to GNATS in OpenBSD.


Comment 6 Volker Werth freebsd_committer freebsd_triage 2008-05-24 16:26:19 UTC
Responsible Changed
From-To: freebsd-bugs->vwe


track