> Well, the bogus challenge should be constant for at least an hour or
> so. I the s/key mailing list I proposed to seed the algorithm with the
> inode ctime of '/'. That information is stable enough, and should not
> be accessible to Joe Cracker.
Why don't you _really_ confuse the bugger; use the name he is trying, modified
by sonthing to do with the machine he is trying?
ie coming in on grondar.za with name bloggs, ergo random number derived
from rondar+bloggs, or some similar scheme?
This number will never change...
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200