From owner-freebsd-security@FreeBSD.ORG Mon Mar 2 21:19:32 2009
Date: Mon, 2 Mar 2009 13:19:32 -0800
From: Chris Palmer <chris@noncombatant.org>
To: freebsd-security@freebsd.org
Message-ID: <20090302211932.GZ5602@noncombatant.org>
In-Reply-To: <200903021410.00093.mail@maxlor.com> <87sklwiptp.fsf@jehiel.elehack.net>
Subject: Re: OPIE considered insecure

Michael Ekstrand writes:

> Simple use case: checking e-mail from the library/Internet
> cafe/relative's house. With Mutt or Gnus.

So we're talking about a case in which we don't want attackers who own the
untrustworthy client to know our password, but we are okay with them reading
and forging the shell commands, emails, passwords, etc. that we use the SSH
session for?

Benjamin Lutz writes:

> Because the inconvenience of not using whatever service or data the server is
> providing is considered greater than the security risk.

But isn't regular password authentication the most convenient of all? If we've
prioritized the ability to log in from any computer higher than we have
prioritized data confidentiality or integrity, one-time password schemes are
just bureaucratic overhead. The password is not the ultimate asset -- the data
is. The password just lets you get it. If the attacker can get the data by
other means (screenshots of the desktop, sending key events to the terminal
window, etc.), that's fine by him.