Date: 19 Jun 2002 19:01:38 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: twig les <twigles@yahoo.com>
Cc: Eric F Crist <ecrist@adtechintegrated.com>, 'Michael Sierchio' <kudzu@tenebras.com>, 'Ryan Thompson' <ryan@sasknow.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Password security
Message-ID: <xzphejzgq31.fsf@flood.ping.uio.no>
In-Reply-To: <20020619164844.42032.qmail@web10103.mail.yahoo.com>
References: <20020619164844.42032.qmail@web10103.mail.yahoo.com>

twig les <twigles@yahoo.com> writes:
> As for the initial problem... I would take the lazy
> admin way out and upgrade the windoze SSH client to
> one that uses keys AND passwds (like ssh.com). You
> can give your users their key on a floppy with a
> notepad file on how to install this client on their
> home machine and where to put the key.

That might be doable if you can somehow force users to pick good
passphrases for their keys, but it doesn't defend against keyboard
sniffing or a trojaned ssh client.

I'd use OPIE, though you need a trusted, portable device (such as a
PDA) for computing responses, otherwise someone could trojan your OPIE
calculator and snarf your passphrase.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzphejzgq31.fsf>