[Beowulf] One time password generators...
Robert G. Brown
rgb at phy.duke.edu
Thu Mar 26 07:28:12 PDT 2009
On Thu, 26 Mar 2009, Leif Nixon wrote:
> "Robert G. Brown" <rgb at phy.duke.edu> writes:
>
>> But that's simply controlling the incoming client, and I AGREE
>> that this is what one has to do to make ANYTHING secure. Now
>> demonstrate to me any additional advantage to using yubikeys, secureids,
>> or anything else you like over simple ssl or ssh bidirectionally secured
>> unspoofable unsnoopable connections with no password at all.
>
> Well, some banks over here have an authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge-response
> procedure to log in to the Internet banking site - nothing new so far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of the
> transaction data (like the total amount to transfer) into the crypto token.
>
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.
I agree. Of course, what you're saying is that the actual transaction
agent is the token, and the token is separate and secure. The PC is
already a part of the external network back to the trusted host. I
stand corrected (sort of) for this exception, although it is really just
an example of a perfectly controlled transactional client (and the PC
itself is no longer really the client).
rgb
>
> --
> Leif Nixon - Systems expert
> ------------------------------------------------------------
> National Supercomputer Centre - Linkoping University
> ------------------------------------------------------------
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
>
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
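
The transaction signing described in the quoted message, sketched as an added example: it is not part of the original post and not any bank's actual protocol. The HMAC-SHA256 construction, the 8-digit truncation, the field layout and all names (`token_response`, `Bank`) are assumptions chosen to show why a response bound to the typed-in amount fails verification when the PC submits different transaction data.

```python
import hashlib
import hmac
import secrets

def token_response(key: bytes, challenge: str, amount_cents: int, dest_tail: str) -> str:
    """What the keypad token computes from values the user types into it."""
    msg = f"{challenge}|{amount_cents}|{dest_tail}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # HOTP-style truncation to a code a person can retype
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**8:08d}"

class Bank:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()  # outstanding single-use challenges

    def new_challenge(self) -> str:
        c = f"{secrets.randbelow(10**8):08d}"
        self.pending.add(c)
        return c

    def verify(self, challenge: str, amount_cents: int, dest_account: str, response: str) -> bool:
        """Recompute over the transaction the bank actually received."""
        if challenge not in self.pending:
            return False
        self.pending.discard(challenge)  # one attempt per challenge, so no replay
        expected = token_response(self.key, challenge, amount_cents, dest_account[-4:])
        return hmac.compare_digest(expected, response)

def demo():
    key = bytes(range(32))  # constructed shared secret (token and bank both hold it)
    bank = Bank(key)
    c1 = bank.new_challenge()
    r1 = token_response(key, c1, 12500, "4321")  # user keys in 125.00 and account tail
    honest = bank.verify(c1, 12500, "CONSTRUCTED-ACCT-4321", r1)
    c2 = bank.new_challenge()
    r2 = token_response(key, c2, 12500, "4321")
    # The PC forwards a different amount and destination than the user typed into the token.
    tampered = bank.verify(c2, 990000, "CONSTRUCTED-ACCT-9999", r2)
    replayed = bank.verify(c1, 12500, "CONSTRUCTED-ACCT-4321", r1)
    return honest, tampered, replayed

if __name__ == "__main__":
    print(demo())
```

The binding covers only what the user types into the token, so fields left out of the signed message (here, everything but the amount and the last four account digits) are not protected by it.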