[Beowulf] One time password generators...
Robert G. Brown rgb at phy.duke.edu
Thu Mar 26 07:28:12 PDT 2009
On Thu, 26 Mar 2009, Leif Nixon wrote:

> "Robert G. Brown" <rgb at phy.duke.edu> writes:
>
>> But that's simply controlling the incoming client, and I AGREE
>> that this is what one has to do to make ANYTHING secure. Now
>> demonstrate to me any additional advantage to using yubikeys, secureids,
>> or anything else you like over simple ssl or ssh bidirectionally secured
>> unspoofable unsnoopable connections with no password at all.
>
> Well, some banks over here have an authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge-response
> procedure to log in to the Internet banking site - nothing new so far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of the
> transaction data (like the total amount to transfer) into the crypto token.
>
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.

I agree. Of course, what you're saying is that the actual transaction
agent is the token, and the token is separate and secure. The PC is
already a part of the external network back to the trusted host.

I stand corrected (sort of) for this exception, although it is really
just an example of a perfectly controlled transactional client (and the
PC itself is no longer really the client).

   rgb

>
> --
> Leif Nixon - Systems expert
> ------------------------------------------------------------
> National Supercomputer Centre - Linkoping University
> ------------------------------------------------------------

Robert G. Brown                        http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu
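
The transaction-signing round described in the quoted text above, sketched as an added example that is not part of the original message or any bank's actual implementation. It assumes a key shared by token and bank, HMAC-SHA256 truncated to 8 digits, and amounts in cents; `response_code`, `Bank` and `run` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def response_code(key: bytes, challenge: str, amount_cents: int, digits: int = 8) -> str:
    """Code the token displays: truncated HMAC over the bank's challenge and
    the amount the user keyed into the token (assumed construction)."""
    msg = f"{challenge}|{amount_cents}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

class Bank:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # challenge -> amount as received from the PC

    def submit(self, amount_cents: int) -> str:
        """Record the batch total the PC sent and issue a fresh challenge."""
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.pending[challenge] = amount_cents
        return challenge

    def confirm(self, challenge: str, code: str) -> bool:
        """Accept only if the code covers the amount the bank itself holds."""
        amount = self.pending.pop(challenge, None)  # each challenge is single-use
        if amount is None:
            return False
        return hmac.compare_digest(response_code(self.key, challenge, amount), code)

def run(intended_cents: int, pc_sends_cents: int) -> bool:
    """One signing round. The PC relays the amount and the challenge; the user
    types the challenge and the amount they intend into the token."""
    key = secrets.token_bytes(32)            # constructed key shared by token and bank
    bank = Bank(key)
    challenge = bank.submit(pc_sends_cents)  # a compromised PC may alter this value
    code = response_code(key, challenge, intended_cents)
    return bank.confirm(challenge, code)

if __name__ == "__main__":
    print("honest PC:  ", run(125_00, 125_00))    # accepted
    print("tampered PC:", run(125_00, 9_125_00))  # rejected: code covers 125.00 only
```

Only the fields keyed into the token are bound by the code in this sketch; anything else in the batch still depends on the PC.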
