OTP feature for /bin/login
Guylhem
busybox at guylhem.net
Mon May 7 22:33:19 UTC 2012
Hello
On Mon, May 7, 2012 at 4:41 PM, Tito <farmatito at tiscali.it> wrote:
> as plaintext passwords are not widely used nowadays,
> do you plan to store the shared secret encrypted?
Unfortunately, it is not possible if instead of encryption you mean
hash (ex: md5, like in /etc/passwd).
The encryption must be easily reversible to compute the response to a
given pin. But then, it might become complicated and pointless (ex: it
is just a rot-13, or if you need a key, do you store the decryption
key in a file in /etc ? In busybox binary? In any case it could be
found out and neglect the benefits. Even worse, it offers a false
sense of security)
Moreover, the shared secret is not a password. If you don't know the
pin, you can not guess the challenge response.
> There is sendmail in busybox.
From what I've seen, the sendmail depends on a smarthost (ex: smtp.gmail.com).
DMA does everything itself - it connects to port 25, etc. I use this at
home without any problem, since my SPF is configured and the reverse
DNS points back to my domain. DMA doesn't do anything else (ex: there
is no queue) - it just sends email to external domains, which is
useful to send a pin ;-)
Guylhem
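
The argument above about why the shared secret cannot be kept as a one-way hash, as an added example that is not part of the original message or of busybox. It assumes an HMAC-SHA256 challenge-response with an 8-digit answer, which the thread does not specify; all names and values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret. The HMAC-SHA256 scheme and the 8-digit response
# are assumptions; the thread does not name the algorithm.
SHARED_SECRET = b"constructed-demo-secret"
DIGITS = 8


def response_for(key: bytes, pin: str) -> str:
    """Response the user computes from the shared secret and the pin received."""
    mac = hmac.new(key, pin.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**DIGITS).zfill(DIGITS)


def verify(stored_key: bytes, pin: str, answer: str) -> bool:
    """Verifier recomputes the response from whatever it keeps on disk."""
    expected = response_for(stored_key, pin)
    return hmac.compare_digest(expected, answer)  # constant-time comparison


def new_pin() -> str:
    """Fresh random challenge for each login attempt."""
    return f"{secrets.randbelow(10**DIGITS):0{DIGITS}d}"


def demo() -> dict:
    pin, later_pin = "48151623", "48151624"     # constructed challenges
    answer = response_for(SHARED_SECRET, pin)   # computed on the user's side
    # What a passwd-style file would hold: only a one-way hash of the secret.
    hashed = hashlib.sha256(SHARED_SECRET).digest()
    return {
        # The verifier holds the secret itself, so it derives the same response.
        "plaintext_store_accepts": verify(SHARED_SECRET, pin, answer),
        # The verifier holds only the hash, so it cannot derive the response.
        "hashed_store_accepts": verify(hashed, pin, answer),
        # A captured response is tied to its pin and fails for the next one.
        "replay_on_new_pin": verify(SHARED_SECRET, later_pin, answer),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Since the verifier needs the secret in recoverable form, protection of the stored value has to come from file ownership and permissions rather than from hashing.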