From: Josh Paetzel
To: Dag-Erling Smørgrav
Cc: Jason Stone, Lyndon Nerenberg, freebsd-security@freebsd.org
Date: Fri, 13 Feb 2009 10:21:48 -0600
Subject: Re: OPIE considered insecure

On Feb 11, 2009, at 7:50 AM, Dag-Erling Smørgrav wrote:

> Daniel Roethlisberger writes:
>> Your statement is of course correct, logging in from untrusted
>> machines can never be secure. However, OPIE still raises the bar
>> on the required capabilities for an attack (active, real-time
>> attack versus passive keylogging / data dumping).
>
> This conversation reminds me of a flipchart outside the terminal room at
> an early BSDCon, with a list of passwords sniffed from the network and
> something like "if your password is listed below, you should consider
> using SSH" :)
>
> DES
> --
> Dag-Erling Smørgrav - des@des.no

This conversation reminds me of:

http://xkcd.com/538/

Thanks,

Josh Paetzel