[Beowulf] One time password generators...

Leif Nixon nixon at nsc.liu.se
Wed Mar 25 03:53:24 PDT 2009

"Robert G. Brown" <rgb at phy.duke.edu> writes:

> On Tue, 24 Mar 2009, Billy Crook wrote:
>> And if your users don't like typing long random things in, but you
>> still want them to use one-time credentials:
>> http://www.yubico.com/products/yubikey/
> This one I had found -- it isn't exactly like the secureid thing, but it
> looks like it would work in a self-sufficient way, and one can
> overload/reload it with your own AES keys so that you really aren't
> relying in any way on a third party for authentication.

The Yubikey is really nifty. (Of course, it's Swedish. 8^) )

I like the price and the form factor, and the really clever,
in-hindsight-obvious idea of the Yubikey pretending to be a USB keyboard
and entering the OTP for you.

The one thing I dislike is that it is based on a symmetric scheme. All
AES keys are stored on the authentication server. If the authentication
server ever gets compromised, you have to replace or rekey your entire
deployed base of Yubikeys.

Leif Nixon                       -            Systems expert
National Supercomputer Centre    -      Linkoping University
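The point about symmetric schemes, as an added example that is not part of the original post: it compares what a verifier has to store for a shared-key OTP with what it stores for a Lamport-style hash chain, and whether that stored state alone is enough to produce an OTP the server accepts. It goes beyond the post by using RFC 4226 HOTP as a stand-in for the Yubikey's AES-based scheme and by adding the hash-chain contrast; all class and function names and the sample key and seed are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP, used here as a stand-in symmetric OTP (not the Yubikey format)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class SymmetricServer:
    """Verifier state is the token's own secret key plus a counter."""
    def __init__(self, key):
        self.key, self.counter = key, 0
    def verify(self, otp):
        ok = hmac.compare_digest(otp, hotp(self.key, self.counter))
        if ok:
            self.counter += 1
        return ok

def H(x):
    return hashlib.sha256(x).digest()

def chain(seed, n):
    """Apply H n times; the token reveals H^(n-1)(seed), then H^(n-2)(seed), ..."""
    for _ in range(n):
        seed = H(seed)
    return seed

class HashChainServer:
    """Lamport-style verifier: stores only the last accepted value, no secret."""
    def __init__(self, verifier):
        self.verifier = verifier
    def verify(self, otp):
        ok = hmac.compare_digest(H(otp), self.verifier)
        if ok:
            self.verifier = otp
        return ok

def compare_server_compromise():
    """Return (symmetric OTP derivable from server state, chain OTP derivable, real token ok)."""
    sym = SymmetricServer(b"12345678901234567890")  # constructed key (RFC 4226 test key)
    from_db = hotp(sym.key, sym.counter)            # computed from stored state alone
    hc = HashChainServer(chain(b"constructed-seed", 100))
    leaked = hc.verifier                            # all the server stores
    chain_forged = hc.verify(leaked) or hc.verify(H(leaked))
    return sym.verify(from_db), chain_forged, hc.verify(chain(b"constructed-seed", 99))
```

`compare_server_compromise()` returns `(True, False, True)`: the symmetric verifier's database is sufficient to compute the next OTP, while the hash-chain verifier's stored value is not, which is why only the former forces a rekey of every token after a server compromise.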
