Re: It's not possible to allow non-OPIE logins only from trusted
Miguel Lopes Santos Ramos <mbox@miguel.ramos.name> writes:
> Ok, admittedly, it took me a while to see in what way that could be a
> weakness. It's a bit like hoping for a little remaining security after
> the password list was compromised.
OPIE is not designed to protect against a stolen password list; it is
designed to protect against replay attacks.
With a key calculator, there is no password list to steal - but you need
to make sure that nobody can sniff or shoulder-surf the password you
type into the calculator. I know of at least one Java ME key calculator
that will run on most Java-enabled smartphones. Unfortunately for Apple
otakus, this does not include the iPhone, but the good news is that they
can get a real phone for considerably less money.
DES
-- 
Dag-Erling Smørgrav - des@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
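The distinction drawn in the message above, as an added example that is not part of the original post or of OPIE's code: a simplified S/Key-style hash chain (MD5 folded to 64 bits, six-word encoding omitted) in which a response seen on the wire is rejected when sent again, while an entry from a precomputed list is still accepted. The `Server` class, the `calculator` function, the seed and the passphrase are hypothetical, constructed for illustration.

```python
import hashlib
import hmac

def step(block: bytes) -> bytes:
    """One chain step: MD5, folded from 128 to 64 bits by XORing the halves."""
    d = hashlib.md5(block).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def calculator(passphrase: str, seed: str, seq: int) -> bytes:
    """What a key calculator derives for the challenge (seq, seed)."""
    otp = step(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):
        otp = step(otp)
    return otp

class Server:
    """Keeps only the last accepted response; the passphrase never reaches it."""
    def __init__(self, seed: str, seq: int, last: bytes):
        self.seed, self.seq, self.last = seed, seq, last

    def challenge(self):
        return self.seq - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.seq <= 0:
            return False  # chain exhausted, user must re-initialise
        if not hmac.compare_digest(step(response), self.last):
            return False
        self.last, self.seq = response, self.seq - 1
        return True

def demo():
    # Constructed sample values, not taken from the thread.
    secret, seed = "constructed passphrase", "ke1234"
    server = Server(seed, 100, calculator(secret, seed, 100))
    # A printed list is the same responses computed ahead of time.
    printed = {n: calculator(secret, seed, n) for n in (98, 99)}
    seq, s = server.challenge()
    sniffed = calculator(secret, s, seq)    # observed on the wire
    first = server.verify(sniffed)
    replayed = server.verify(sniffed)       # same response sent again
    from_list = server.verify(printed[98])  # list entry for the next challenge
    return first, replayed, from_list

if __name__ == "__main__":
    print(demo())
```
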