[Beowulf] One time password generators...
Leif Nixon
nixon at nsc.liu.se
Wed Mar 25 03:53:24 PDT 2009
"Robert G. Brown" <rgb at phy.duke.edu> writes:
> On Tue, 24 Mar 2009, Billy Crook wrote:
>
>> And if your users don't like typing long random things in, but you
>> still want them to use one-time credentials:
>> http://www.yubico.com/products/yubikey/
>
> This one I had found -- it isn't exactly like the secureid thing, but it
> looks like it would work in a self-sufficient way, and one can
> overload/reload it with your own AES keys so that you really aren't
> relying in any way on a third party for authentication.

The Yubikey is really nifty. (Of course, it's Swedish. 8^) )

I like the price and the form factor, and the really clever,
in-hindsight-obvious idea of the Yubikey pretending to be a USB keyboard
and entering the OTP for you.

The one thing I dislike is that it is based on a symmetric scheme. All
AES keys are stored on the authentication server. If the authentication
server ever gets compromised, you have to replace or rekey your entire
deployed base of Yubikeys.
--
Leif Nixon - Systems expert
------------------------------------------------------------
National Supercomputer Centre - Linkoping University
------------------------------------------------------------
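
Added example, not part of the original message and not Yubico's code: a toy model of the point about symmetric schemes, showing what a copy of the server's stored state is sufficient to compute. Assumptions: HMAC-SHA256 over a counter stands in for the token's AES operation, and a Lamport/S/KEY-style hash chain (a scheme not proposed in the thread) serves as the contrasting non-symmetric verifier; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def sha(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def symmetric_otp(key: bytes, counter: int) -> str:
    # Token and server run this same function over a shared secret key.
    # HMAC stands in for the token's AES operation (assumption, stdlib only).
    msg = counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:12]

class SymmetricServer:
    def __init__(self, key: bytes):
        self.db = {"key": key, "counter": 0}   # the secret itself is stored

    def verify(self, otp: str) -> bool:
        expected = symmetric_otp(self.db["key"], self.db["counter"] + 1)
        ok = hmac.compare_digest(otp, expected)
        if ok:
            self.db["counter"] += 1
        return ok

class HashChainServer:
    def __init__(self, anchor: bytes):
        self.db = {"last": anchor}             # only a one-way image is stored

    def verify(self, otp: bytes) -> bool:
        ok = hmac.compare_digest(sha(otp), self.db["last"])
        if ok:
            self.db["last"] = otp              # next OTP must hash to this one
        return ok

def chain(seed: bytes, n: int) -> bytes:
    for _ in range(n):
        seed = sha(seed)
    return seed

def compare_database_exposure() -> dict:
    key, seed, n = os.urandom(16), os.urandom(16), 100   # constructed secrets
    sym, hc = SymmetricServer(key), HashChainServer(chain(seed, n))
    sym_copy, hc_copy = dict(sym.db), dict(hc.db)        # copy of server state only
    return {
        # The stored key is enough to compute the next valid OTP.
        "symmetric_db_yields_valid_otp": sym.verify(
            symmetric_otp(sym_copy["key"], sym_copy["counter"] + 1)),
        # The stored value is an already-used image; replaying it fails.
        "hash_chain_db_yields_valid_otp": hc.verify(hc_copy["last"]),
        # The token, which holds the seed, still authenticates.
        "hash_chain_token_accepted": hc.verify(chain(seed, n - 1)),
    }
```

In the symmetric case the only remedy after the server state is exposed is a new key on every token, which is the rekeying cost described in the message above.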