[Beowulf] One time password generators...

Leif Nixon nixon at nsc.liu.se
Wed Mar 25 06:53:24 EDT 2009


"Robert G. Brown" <rgb at phy.duke.edu> writes:

> On Tue, 24 Mar 2009, Billy Crook wrote:
>
>> And if your users don't like typing long random things in, but you
>> still want them to use one-time credentials:
>> http://www.yubico.com/products/yubikey/
>
> This one I had found -- it isn't exactly like the secureid thing, but it
> looks like it would work in a self-sufficient way, and one can
> overload/reload it with your own AES keys so that you really aren't
> relying in any way on a third party for authentication.

The Yubikey is really nifty. (Of course, it's Swedish. 8^) )

I like the price and the form factor, and the really clever,
in-hindsight-obvious idea of the Yubikey pretending to be a USB keyboard
and entering the OTP for you.

The one thing I dislike is that it is based on a symmetric scheme. All
AES keys are stored on the authentication server. If the authentication
server ever gets compromised, you have to replace or rekey your entire
deployed base of Yubikeys.

-- 
Leif Nixon                       -            Systems expert
------------------------------------------------------------
National Supercomputer Centre    -      Linkoping University
------------------------------------------------------------
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the Beowulf mailing list