North American Network Operators Group

Re: 'we should all be uncomfortable with the extent to which luck ..'

On Wed, Jul 25, 2001 at 02:09:44PM -0700, Majdi S. Abbas wrote:
>
> On Wed, Jul 25, 2001 at 02:45:44PM -0400, David Shaw wrote:
> > telnetd is not inherently bad. It is a tool that is lacking the
> > session encryption and strong authentication features of SSH, but is
> > still useful in some cases. Like any tool it can be used poorly, but
> > that is not the fault of the tool.
>
> Agreed.
>
> > For example, when traveling, I can log in securely from any random
> > Internet cafe using OPIE or S/Key one-time passwords via telnet. SSH
> > requires that you trust your local machine, and OPIE assumes that you
> > don't.
>
> Incorrect. OPIE assumes complete trust of your local machine,
> but not the network. You still have to generate the hashes using your
> password.

Not at all. You don't have to generate the hashes on your local machine.
Most people using OPIE (or any one-time password scheme) have a hardware
device (i.e. Palm Pilot) to calculate the hashes.

As you say, it would be rather silly to calculate the hashes on the
untrusted machine!

David

--
David Shaw | [email protected] | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
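
Added example, not part of the original message: a simplified hash-chain one-time password exchange of the kind the thread discusses, showing that the login terminal only ever handles a single-use response computed on a separate trusted device. It uses SHA-256 and raw bytes for clarity and is not the OPIE or S/Key wire format; the passphrase, seed and class names are constructed for illustration.

```python
import hashlib
import hmac


def chain(secret: bytes, seed: bytes, count: int) -> bytes:
    """Hash seed+secret once, then apply the hash `count` more times."""
    value = hashlib.sha256(seed + secret).digest()
    for _ in range(count):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Holds only the last accepted response; it never stores the secret."""

    def __init__(self, seed: bytes, count: int, last: bytes):
        self.seed, self.count, self.last = seed, count, last

    def challenge(self):
        # The user must answer with the chain value one step before `last`.
        return self.count - 1, self.seed

    def verify(self, response: bytes) -> bool:
        if self.count <= 0:
            return False  # chain exhausted; the user must re-initialise
        hashed = hashlib.sha256(response).digest()
        if not hmac.compare_digest(hashed, self.last):
            return False
        self.last = response  # each response is accepted exactly once
        self.count -= 1
        return True


def demo():
    secret = b"constructed passphrase"  # exists only on the trusted handheld
    seed = b"ke1234"                    # constructed sample seed
    server = Server(seed, 100, chain(secret, seed, 100))

    n, s = server.challenge()
    otp = chain(secret, s, n)    # computed on the handheld, typed at the cafe
    first = server.verify(otp)   # legitimate login
    replay = server.verify(otp)  # same value captured and replayed
    # Hashing a captured value forward does not yield the next response,
    # which is the preimage of what the terminal saw.
    forward = server.verify(hashlib.sha256(otp).digest())
    n2, s2 = server.challenge()
    second = server.verify(chain(secret, s2, n2))  # next legitimate login
    return first, replay, forward, second


if __name__ == "__main__":
    print(demo())
```
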