nanog mailing list archives
Re: 'we should all be uncomfortable with the extent to which luck ..'
From: David Shaw <dshaw () jabberwocky com>
Date: Wed, 25 Jul 2001 20:30:01 -0400
On Wed, Jul 25, 2001 at 02:09:44PM -0700, Majdi S. Abbas wrote:
On Wed, Jul 25, 2001 at 02:45:44PM -0400, David Shaw wrote:telnetd is not inherently bad. It is a tool that is lacking the session encryption and strong authentication features of SSH, but is still useful in some cases. Like any tool it can be used poorly, but that is not the fault of the tool.Agreed.For example, when traveling, I can log in securely from any random Internet cafe using OPIE or S/Key one-time passwords via telnet. SSH requires that you trust your local machine, and OPIE assumes that you don't.Incorrect. OPIE assumes complete trust of your local machine, but not the network. You still have to generate the hashes using your password.
Not at all. You don't have to generate the hashes on your local machine. Most people using OPIE (or any one-time password scheme) have a hardware device (i.e. Palm Pilot) to calculate the hashes. As you say, it would be rather silly to calculate the hashes on the untrusted machine! David -- David Shaw | dshaw () jabberwocky com | WWW http://www.jabberwocky.com/ +---------------------------------------------------------------------------+ "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson
Current thread:
- Re: 'we should all be uncomfortable with the extent to which luck..', (continued)
- Re: 'we should all be uncomfortable with the extent to which luck..' Mark Boolootian (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck..' Richard Welty (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck..' Bill Fenner (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck..' Mark Boolootian (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' David Shaw (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' John Fraizer (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' David Shaw (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' Stephen J. Wilcox (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' Valdis . Kletnieks (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' David Shaw (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' Majdi S. Abbas (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' David Shaw (Jul 25)
- Re: 'we should all be uncomfortable with the extent to which luck ..' John Fraizer (Jul 25)