From: Daniel Roethlisberger
To: Dag-Erling Smørgrav
Cc: Jason Stone, Lyndon Nerenberg, freebsd-security@freebsd.org
Date: Wed, 11 Feb 2009 13:22:00 +0100
Subject: Re: OPIE considered insecure
Message-ID: <20090211122200.GA86644@hobbes.ustdmz.roe.ch>
In-Reply-To: <86eiy5nqjz.fsf@ds4.des.no>

Dag-Erling Smørgrav 2009-02-11:
> Jason Stone writes:
> > Right, but that's not the problem they're trying to solve.
> > They're trying to solve the problem of logging in _from_ an
> > untrusted machine, to a trusted machine.
>
> If the machine you're logging in *from* is untrusted, you're
> SOL. Even with OPIE or similar mechanisms, somebody might
> piggyback on your SSH connection. The best you can do is boot
> from a CD or USB fob you prepared yourself, and even then,
> there might be a hardware key logger installed on the computer.

Or the BIOS trojaned.

Your statement is of course correct, logging in from untrusted
machines can never be secure. However, OPIE still raises the bar
on the required capabilities for an attack (active, real-time
attack versus passive keylogging / data dumping).

--
Daniel Roethlisberger
http://daniel.roe.ch/