
Practical UNIX and Internet Security, 3rd Edition by Alan Schwartz, Gene Spafford, Simson Garfinkel


One-Time Passwords

If you manage computers that people will access over the Internet or other computer networks, then you should seriously consider implementing some form of one-time password system. Otherwise, an attacker can eavesdrop on your legitimate users, capture their passwords, and use those passwords again at a later time.

Is such network espionage likely? Absolutely. In recent years, people have broken into computers on key networks throughout the Internet and have installed programs called password sniffers (illustrated in Figure 19-2). These programs monitor all information sent over a network and silently record an initial portion of each network connection to capture each person’s username, password, and sometimes additional information.[283] In at least one case, a password sniffer captured tens of thousands of passwords within the space of a few weeks before the sniffer was noticed; the only reason the sniffer’s presence came to the attention of the authorities was that the attacker was storing the captured passwords on the compromised computer’s hard disk. Eventually, the hard disk filled up, and the computer crashed!


Figure 19-2. Password sniffing

One-time passwords,[284] as their name implies, are passwords that can be used only once, as we explained in Chapter 4. They provide strong protection against password sniffers.
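The sketch below uses one well-known one-time password construction, a Lamport-style hash chain, to show why a password captured on the wire is useless once the server has accepted it. It is an added example, not code from the book; SHA-256, the class names, the seed, and the chain length are assumptions chosen for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One application of the one-way function (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def chain(seed: bytes, n: int) -> bytes:
    """Apply h() n times to the seed."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value


class OtpServer:
    """Holds only the last accepted value, never the user's secret seed."""

    def __init__(self, initial: bytes):
        self.last = initial

    def login(self, otp: bytes) -> bool:
        # Accept only a value whose hash equals what is stored.
        if hmac.compare_digest(h(otp), self.last):
            self.last = otp  # advance the chain: this password is now spent
            return True
        return False


class OtpClient:
    """Walks the chain backwards, so each password is the preimage of the last."""

    def __init__(self, seed: bytes, n: int):
        self.seed, self.remaining = seed, n

    def next_password(self) -> bytes:
        if self.remaining <= 1:  # never transmit the seed itself
            raise RuntimeError("chain exhausted; enroll a new seed")
        self.remaining -= 1
        return chain(self.seed, self.remaining)


def demo():
    seed, n = b"constructed-sample-secret", 100  # constructed sample values
    server, client = OtpServer(chain(seed, n)), OtpClient(seed, n)
    sniffed = client.next_password()  # what an eavesdropper would record
    first = server.login(sniffed)     # legitimate login
    replay = server.login(sniffed)    # the recorded value offered again
    later = server.login(client.next_password())
    return first, replay, later
```

Because the server stores only the most recently accepted value and each new password is its preimage under a one-way function, a recorded password neither logs in a second time nor reveals the next one.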

Another application that demands ...
