From owner-freebsd-security@FreeBSD.ORG Mon Mar 2 02:32:54 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8AC6E106566C for ; Mon, 2 Mar 2009 02:32:54 +0000 (UTC) (envelope-from chris@noncombatant.org) Received: from strawberry.noncombatant.org (strawberry.noncombatant.org [64.142.6.126]) by mx1.freebsd.org (Postfix) with ESMTP id 779D58FC17 for ; Mon, 2 Mar 2009 02:32:54 +0000 (UTC) (envelope-from chris@noncombatant.org) Received: by strawberry.noncombatant.org (Postfix, from userid 1001) id 29410866D77; Sun, 1 Mar 2009 18:14:15 -0800 (PST) Date: Sun, 1 Mar 2009 18:14:15 -0800 From: Chris Palmer To: freebsd-security@freebsd.org Message-ID: <20090302021415.GU5602@noncombatant.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i Subject: Re: OPIE considered insecure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Mar 2009 02:32:54 -0000 Rich Healey writes: > I'm thinking about implementing OPIE, but after reading this I'm not so > sure. What's consensus on the best approach to one time logins? Why are people logging into their remote servers from assumed-untrustworthy clients at all?