[CQ-Contest] An evil reason behind fishy spots?

Ward Willats cqcontest at kg6haf.com
Sat Apr 12 11:46:56 EDT 2003


>Sending passwords on rf is rather worthless as anyone with a tnc can
>monitor them.  To do it securely would require a one-time use password
>that changes for each login,

Using a challenge/response exchange you can verify a password without 
sending it over the link. (Server encrypts a random number with what 
it thinks is the user's password. Sends same random number to client 
(challenge). Client encrypts random number with password and sends 
result back (response). Server compares both encrypted results to be 
sure they are the same.)

Even this requires a lot of infrastructure change to implement, of course.

-- Ward (the pedantic one who wrote authentication software once upon 
a time and is glad he no longer has anything to do with it) / KG6HAF
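
The exchange described above, as an added example that is not part of the original post. It swaps the "encrypt the random number with the password" step for HMAC-SHA256 keyed with a PBKDF2-derived key; the callsign N0CALL, the password and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def derive_key(password: str, callsign: str) -> bytes:
    # Assumption: both sides stretch the shared password the same way,
    # using the callsign as salt, so the raw password is never used directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), callsign.encode(), 100_000)


def compute_response(key: bytes, challenge: bytes) -> bytes:
    # Keyed MAC over the challenge; stands in for "encrypt the random number".
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, users: dict):
        self._keys = {call: derive_key(pw, call) for call, pw in users.items()}
        self._pending = {}  # callsign -> outstanding challenge

    def issue_challenge(self, callsign: str) -> bytes:
        challenge = secrets.token_bytes(16)  # fresh random number per login
        self._pending[callsign] = challenge
        return challenge

    def verify(self, callsign: str, response: bytes) -> bool:
        challenge = self._pending.pop(callsign, None)  # each challenge is single use
        key = self._keys.get(callsign)
        if challenge is None or key is None:
            return False
        expected = compute_response(key, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    server = Server({"N0CALL": "constructed-sample-password"})
    client_key = derive_key("constructed-sample-password", "N0CALL")
    first = compute_response(client_key, server.issue_challenge("N0CALL"))
    ok = server.verify("N0CALL", first)
    server.issue_challenge("N0CALL")           # next login gets a new challenge
    replayed = server.verify("N0CALL", first)  # response recorded off the air
    wrong = compute_response(derive_key("wrong", "N0CALL"), server.issue_challenge("N0CALL"))
    return ok, replayed, server.verify("N0CALL", wrong)


if __name__ == "__main__":
    print(demo())
```

Only the challenge and the response cross the link, and a response recorded by a monitoring station is rejected against the next challenge. A recorded challenge/response pair can still be used to test password guesses offline, so the shared password has to be strong.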

