Last S/Key thing to consider...
mouring at pconline.com
Fri Nov 10 13:15:38 EST 2000
What is everyone's opinion on reverting back to the OpenBSD's auth-skey.c
which uses S/Key's sha1.h and libskey.a instead of OpenSSL.
Personally it does not matter to me. I would perfer to revert back
myself to reduce the differences between the two code trees. (Or if
OpenBSD could pick up the changes. Either way.)
I've already sent a patch to the person doing the portable OpenBSD S/Key
library with a few minor corrects and a request to expose sha1.h since
I know a few other projects that would use it.
Either way it won't really matter since it's only used to generate the
false S/Key response (But they do actually give different OTP outputs).
More information about the openssh-unix-dev