Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 18 Jun 2019 09:09:19 -0400
From:      Robert Simmons <rsimmons0@gmail.com>
To:        Dan Langille <dan@langille.org>
Cc:        Victor Sudakov <vas@mpeks.tomsk.su>, freebsd-security@freebsd.org
Subject:   Re: Untrusted terminals: OPIE vs security/pam_google_authenticator
Message-ID:  <CA%2BQLa9BxXdqdvceJ%2BxNEOkBh4G1SkHN-DobnmtA=vWP_MHVU0A@mail.gmail.com>
In-Reply-To: <DD73534E-084A-44A7-83D1-60661C64A8A4@langille.org>
References:  <20190618075954.GA30296@admin.sibptus.ru> <CA%2BQLa9AkOwM14nxgXmmiH8TFewaT6HGjq7vzRQ5u4YNFNh-W-w@mail.gmail.com> <DD73534E-084A-44A7-83D1-60661C64A8A4@langille.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
You are correct for SSH.

On Tue, Jun 18, 2019, 09:07 Dan Langille <dan@langille.org> wrote:

> On Jun 18, 2019, at 9:02 AM, Robert Simmons <rsimmons0@gmail.com> wrote:
>
> On Tue, Jun 18, 2019, 04:01 Victor Sudakov <vas@mpeks.tomsk.su> wrote:
>
> Dear Colleagues,
>
> I've used OPIE for many years (and S/Key before that) to login to my
> system from untrusted terminals (cafes, libraries etc).
>
> Now I've read an opinion that OPIE is outdated (and indeed its upstream
> distribution is gone) and that pam_google_authenticator would be more
> secure: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237270
>
> Is that truly so? With 20 words in OPIE and only 6 digits in
> pam_google_authenticator, how strong is pam_google_authenticator against
> brute force and other attacks?
>
>
> Victor,
>
> To throw a new wrinkle in the equation: Google Authenticator codes can be
> intercepted by a phishing page. U2F protocol is even better, and can't be
> intercepted via phishing.
>
> There are U2F libraries in ports.
>
> https://en.wikipedia.org/wiki/Universal_2nd_Factor
>
> Cheers,
> Rob
>
>
>
> If my Google Authenticator codes are on my phone, and I'm entering them
> into my ssh session, how is a phishing page involved?
>
> =E2=80=94
> Dan Langille
> http://langille.org/
>
>
>
>
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BQLa9BxXdqdvceJ%2BxNEOkBh4G1SkHN-DobnmtA=vWP_MHVU0A>