Date:      Wed, 24 Jan 2001 11:40:28 -0600 (CST)
From:      Shawn Barnhart <swb@accord.grasslake.net>
To:        Kris Kennaway <kris@FreeBSD.ORG>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Non-sequential one-time passwords?
Message-ID:  <Pine.BSF.4.21.0101241050340.4086-100000@accord.grasslake.net>
In-Reply-To: <20010123205759.C26378@citusc17.usc.edu>



On Tue, 23 Jan 2001, Kris Kennaway wrote:

> Nope. There are security implications to doing this anyway..this would
> partly defeat the protection afforded by OTP schemes.

I presume the security implications are algorithmic to the S/Key system, and
not just the risk associated with N "good" passwords available at any one
time.  Because as far as I'm concerned, having N good one-time passwords in
the hands of the internal people that will pass them out is less risky than
handing out a "permanent" password.

> What you need is to teach your users how to calculate password
> challenge responses themselves, either using one of the FreeBSD tools
> or an online javascript calculator (these exist, but I don't have a
> URL handy). This is as simple as pasting the OTP challenge into a
> website and entering their passphrase, then pasting the response in.

I agree.  But then again, this is a group that as a whole finds basic
Macintosh tasks challenging, and the people who would use this are as of yet
unknown to me or our organization, so there's no "advance" teaching
possible.  

Trying to explain why a publicly writable and readable FTP site was a bad
idea in the first place was a challenge itself.

> Providing your users with a list of the next n passwords they will
> need to use is only a convenience, they can do it on demand when
> presented with the login challenge, given an available OTP calculator.

With any normal group of people, yes.  Not with this lot.


-- 
swb@grasslake.net
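
An added illustration, not part of either poster's message, of one property of hash-chain OTP schemes such as S/Key that bears on the question in this thread: each password hashes to the one used before it, so whoever observes one password can hash it forward to recover every earlier entry in the list. SHA-256 stands in for the RFC 2289 hash-and-fold step, and `AnyOrderServer`, the window size and the sample values are hypothetical.

```python
import hashlib

def step(value: bytes) -> bytes:
    # One-way step. SHA-256 is a stand-in for the RFC 2289 hash folded to 64 bits.
    return hashlib.sha256(value).digest()

def otp(passphrase: bytes, seed: bytes, count: int) -> bytes:
    # Password for sequence number `count`: the step applied `count` times.
    value = step(seed + passphrase)
    for _ in range(count):
        value = step(value)
    return value

class SequentialServer:
    # Standard behaviour: stores the last accepted password, accepts only its preimage.
    def __init__(self, last_accepted: bytes):
        self.last = last_accepted
    def login(self, candidate: bytes) -> bool:
        if step(candidate) != self.last:
            return False
        self.last = candidate
        return True

class AnyOrderServer:
    # Hypothetical variant: any unused password within `window` steps of a fixed base.
    def __init__(self, base: bytes, window: int):
        self.base, self.window, self.used = base, window, set()
    def login(self, candidate: bytes) -> bool:
        value = candidate
        for _ in range(self.window):
            value = step(value)
            if value == self.base and candidate not in self.used:
                self.used.add(candidate)
                return True
        return False

def derive_skipped(observed: bytes, base: bytes, window: int) -> list:
    # Hash one observed password forward; collect the values between it and the base.
    found, value = [], step(observed)
    for _ in range(window):
        if value == base:
            return found
        found.append(value)
        value = step(value)
    return []

def demo():
    secret, seed = b"constructed passphrase", b"ac12345"  # constructed sample values
    base = otp(secret, seed, 10)
    strict, loose = SequentialServer(base), AnyOrderServer(base, window=5)
    p9, p6 = otp(secret, seed, 9), otp(secret, seed, 6)
    strict_result = (strict.login(p9), strict.login(p9))   # second call is a replay
    loose_first = loose.login(p6)                           # user picks entry 6 from a list
    still_valid = [loose.login(p) for p in derive_skipped(p6, base, 5)]
    return strict_result, loose_first, still_valid
```

With the sequential server, an observed password is already spent and hashing it only yields older, spent values; with the any-order variant, the values derived from one observed password are still accepted.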


