have you read up on how CHAP (Challenge Handshake Authentication
Protocol) worked
for dialup authentication? IIRC it was designed to allow
secure-enough authentication
over a sniffable channel (modem traffic) at the cost of forcing
plaintext password storage
on the server side.
http://en.wikipedia.org/wiki/Challenge-handshake_authentication_protocol
and
http://www.rootsecure.net/content/downloads/pdf/cheating_chap.pdf
suggests stealing injecting challenges received on a second connection into
an existing up connection in order to steal credentials
The microsoft extensions
http://en.wikipedia.org/wiki/MS-CHAP
may be useful. RFC numbers are listed in the wikticles.
--
sub ONCE(&){ # only one ONCE on any LOC
my %x if 0;
$x{caller()}++ or &{$_[0]};
}
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.