[Beowulf] One time password generators...

Robert G. Brown rgb at phy.duke.edu
Thu Mar 26 07:28:12 PDT 2009


On Thu, 26 Mar 2009, Leif Nixon wrote:

> "Robert G. Brown" <rgb at phy.duke.edu> writes:
>
>> But that's simply controlling the incoming client, and I AGREE
>> that this is what one has to do to make ANYTHING secure.  Now
>> demonstrate to me any additional advantage to using yubikeys, secureids,
>> or anything else you like over simple ssl or ssh bidirectionally secured
>> unspoofable unsnoopable connections with no password at all.
>
> Well, some banks over here have an authentication system that uses a
> hardware crypto token with a keypad. You use it for a challenge-response
> procedure to log in to the Internet banking site - nothing new so far -
> but you also use it to sign (using challenge-response) each bunch of
> transactions you perform on the banking site. And - this is the key
> point - to sign the transactions you actually enter certain parts of the
> transaction data (like the total amount to transfer) into the crypto token.
>
> Even with total control over the client PC, it's real hard for an
> attacker to do anything really evil in that setting.

I agree.  Of course, what you're saying is that the actual transaction
agent is the token, and the token is separate and secure.  The PC is
already a part of the external network back to the trusted host.  I
stand corrected (sort of) for this exception, although it is really just
an example of a perfectly controlled transactional client (and the PC
itself is no longer really the client).

   rgb

>
> -- 
> Leif Nixon                       -            Systems expert
> ------------------------------------------------------------
> National Supercomputer Centre    -      Linkoping University
> ------------------------------------------------------------

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb at phy.duke.edu
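
The transaction-signing scheme described in the quoted message, as an added example that is not part of the original thread: the token's response covers the transaction data the user keys into it, so a PC that alters the transaction cannot produce a response the bank accepts. The HMAC-SHA256 construction, 8-digit truncation, payee field and all names and values are assumptions; the post does not say what the banks' tokens actually compute.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # assumed length of the code the user types back from the token


def token_response(key, challenge, amount_cents, payee):
    """Computed inside the token from values typed on its own keypad."""
    msg = f"{challenge}|{amount_cents}|{payee}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style truncation (assumed, not from the post)
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**DIGITS:0{DIGITS}d}"


class Bank:
    def __init__(self, key):
        self.key = key
        self.pending = {}  # challenge -> transaction as received from the PC

    def submit(self, amount_cents, payee):
        """Accept a transaction from the untrusted PC; return a fresh challenge."""
        challenge = f"{secrets.randbelow(10**6):06d}"
        self.pending[challenge] = (amount_cents, payee)
        return challenge

    def confirm(self, challenge, response):
        """Check the response against the transaction the bank received."""
        txn = self.pending.pop(challenge, None)  # single use, so no replay
        if txn is None:
            return False
        expected = token_response(self.key, challenge, *txn)
        return hmac.compare_digest(expected, response)


def demo():
    key = secrets.token_bytes(32)  # constructed secret shared by token and bank
    bank = Bank(key)
    # Honest PC: the bank receives exactly what the user keyed into the token.
    c1 = bank.submit(12_500, "5551234")
    honest = bank.confirm(c1, token_response(key, c1, 12_500, "5551234"))
    # Tampered PC: bank receives altered data; user keys in what they intended.
    c2 = bank.submit(9_999_900, "6660000")
    r2 = token_response(key, c2, 12_500, "5551234")
    return honest, bank.confirm(c2, r2), bank.confirm(c2, r2)


if __name__ == "__main__":
    print(demo())
```

demo() returns the results for the honest submission, the altered submission, and a replay of an already used challenge.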




