From: "Ivan Grover"
To: "Jason Stone"
Date: Wed, 9 Jul 2008 13:48:36 +0530
Cc: freebsd-security@freebsd.org
Subject: Re: OPIE Challenge sequence

Thanks all for your valuable response.

Regards,
Ivan

On Wed, Jul 9, 2008 at 12:57 AM, Jason Stone wrote:

> > On the bright side, it should be fairly easy to write an OTP calculator
> > that runs on a cell phone
>
> These already exist for J2ME-enabled mobiles (which is most of them?):
>
> http://tanso.net/j2me-otp/
> http://otp-j2me.sourceforge.net/
>
> > Systems like OPIE, where the challenge is actually issued to the user
> > and not just to the user's software, require the user to have access to
> > a response calculator, or to carry a sheet of precalculated responses.
>
> There exist apps (i.e., browsers, FTP clients, mailers, etc) that integrate
> OPIE and can transparently respond to challenges. The user just puts in his
> password, and he doesn't worry about plaintext or OPIE or whatever; the app
> just does the right thing. Fetch, an FTP client for the Mac, is one such
> app.
>
> One could argue that this encourages users to just punch in their password
> and not understand if it's going to go over the wire in the clear or be used
> to answer a challenge, but it's very useful when you have users who are
> incapable of making such a distinction in the first place and you just need to
> make sure their password is secure for _your_ service.
>
> -Jason
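
What the response calculators and OPIE-aware clients mentioned in the quoted messages compute, as an added example that is not part of the original thread or of any of the named programs. It assumes the RFC 2289 one-time password scheme with the MD5 variant and hex-formatted responses; the function names are hypothetical, and the inputs it is meant to be tried with are the RFC's published test values.

```python
import hashlib

# Added illustration: function names are hypothetical, and the inputs used with
# them are the published RFC 2289 test values, not data from this thread.

def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then fold 128 bits to 64 by XORing the two halves."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def parse_challenge(challenge: str):
    """Parse 'otp-md5 <sequence> <seed> [ext]' into (sequence, seed)."""
    fields = challenge.split()
    if len(fields) not in (3, 4) or fields[0].lower() != "otp-md5":
        raise ValueError("expected: otp-md5 <sequence> <seed> [ext]")
    if len(fields) == 4 and fields[3].lower() != "ext":
        raise ValueError("unexpected trailing field")
    sequence = int(fields[1])
    seed = fields[2].lower()  # seeds are case-insensitive
    if sequence < 0:
        raise ValueError("sequence must not be negative")
    if not (seed.isascii() and seed.isalnum() and 1 <= len(seed) <= 16):
        raise ValueError("seed must be 1-16 ASCII alphanumerics")
    return sequence, seed

def to_hex_groups(value: bytes) -> str:
    """Format 8 bytes as four groups of four hex digits."""
    text = value.hex().upper()
    return " ".join(text[i:i + 4] for i in range(0, len(text), 4))

def otp_response(challenge: str, passphrase: str) -> str:
    """Client side: the passphrase never leaves this function."""
    sequence, seed = parse_challenge(challenge)
    value = fold_md5((seed + passphrase).encode("ascii"))
    for _ in range(sequence):
        value = fold_md5(value)
    return to_hex_groups(value)

def server_accepts(stored_previous: str, response: str) -> bool:
    """Server side: stored_previous is the last accepted OTP (sequence n+1),
    response answers sequence n; one more hash of it must match."""
    candidate = bytes.fromhex(response.replace(" ", ""))
    return to_hex_groups(fold_md5(candidate)) == stored_previous
```

Because the server only ever hashes forward, a response captured on the wire answers no later challenge, which is why the sequence number in each challenge counts down.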