[Beowulf] One time password generators...

Leif Nixon nixon at nsc.liu.se
Thu Mar 26 09:57:42 EDT 2009


"Robert G. Brown" <rgb at phy.duke.edu> writes:

> But that's simply controlling the incoming client, and I AGREE
> that this is what one has to do to make ANYTHING secure.  Now
> demonstrate to me any additional advantage to using yubikeys, secureids,
> or anything else you like over simple ssl or ssh bidirectionally secured
> unspoofable unsnoopable connections with no password at all.

Well, some banks over here have a authentication system that uses a
hardware crypto token with a keypad. You use it for a challenge-response
procedure to log in to the Internet banking site - nothing new so far -
but you also use it to sign (using challenge-response) each bunch of
transactions you perform on the banking site. And - this is the key
point - to sign the transactions you actually enter certain parts of the
transaction data (like the total amount to transfer) into the crypto token.

Even with total control over the client PC, it's real hard for an
attacker to do anything really evil in that setting.

-- 
Leif Nixon                       -            Systems expert
------------------------------------------------------------
National Supercomputer Centre    -      Linkoping University
------------------------------------------------------------
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the Beowulf mailing list