[CQ-Contest] An evil reason behind fishy spots?

Ward Willats cqcontest at kg6haf.com
Sat Apr 12 11:46:56 EDT 2003

>Sending passwords on rf is rather worthless as anyone with a tnc can
>monitor them.  To do it securely would require a one-time use password
>that changes for each login,

Using a challenge/response exchange you can verify a password without 
sending it  over the link. (Server encrypts a random number with what 
it thinks is the user's password. Sends same random number to client 
(challenge). Client encrypts random number with password and sends 
result back (response). Server compares both encrypted results to be 
sure they are the same.)

Even this requires a lot of infrastructure change to implement, of course.

-- Ward (the pedantic one who wrote authentication software once upon 
a time and is glad he no longer has anything to do with it) / KG6HAF

More information about the CQ-Contest mailing list