Firewall Wizards mailing list archives
Re: Token based OTP: SafeWord or SecurID?
From: "daN." <dan () nesmail com>
Date: Mon, 25 Sep 2000 12:21:54 -0700
On the other hand, it makes the PIN weaker since it can be sniffed. Does anyone think this matters?Rick. smith () securecomputing com roseville, minnesota
Used in conjunction with SSH or some other encrypted protocol it matters much, used in conjunction with telnet I would say it still matters somewhat..although telnet or other cleartext authentification is a bad idea in any event because someone who could sniff you secure ID could just as easily hijack your session..
The only real use of a PIN prevents someone who has stolen the card from gaining immediate access to the system of course this is assuming you don't let your users use 1234 as their secure pin :)...
Out of curiosity does anyone know if there are Smart-Card security cards out there the work on public Key cryptography? (Computer passes you a random token, card signs it and passes it back? System verifies it by checking against public key) obvious drawback of this type of system is of course you need extra hardware on your workstations...Unless of course you could interface it with floppy/pcmcia/Serial/Parallel/etc...
daN. _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Token based OTP: SafeWord or SecurID? kadokev (Sep 13)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Sep 16)
- Re: Token based OTP: SafeWord or SecurID? kadokev (Sep 18)
- Re: Token based OTP: SafeWord or SecurID? Carson Gaspar (Sep 19)
- Re: Token based OTP: SafeWord or SecurID? Rick Smith (Sep 20)
- Re: Token based OTP: SafeWord or SecurID? H. Morrow Long (Sep 22)
- Re: Token based OTP: SafeWord or SecurID? daN. (Sep 25)
- Re: Token based OTP: SafeWord or SecurID? Rick Smith (Sep 25)
- Re: Token based OTP: SafeWord or SecurID? kadokev (Sep 18)
- Re: Token based OTP: SafeWord or SecurID? Vin McLellan (Sep 16)
- Re: Token based OTP: SafeWord or SecurID? Joseph S D Yao (Sep 19)
- Re Token based OTP SafeWord or SecurID? offset (Sep 22)
- Message not available
- Re: Re Token based OTP SafeWord or SecurID? Joseph S D Yao (Sep 23)