Date: Fri, 16 Sep 2022 01:38:35 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: grarpamp <grarpamp@gmail.com> Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-current@freebsd.org Subject: Re: Putting OPIE to rest Message-ID: <86czbwryx0.fsf@ltc.des.no> In-Reply-To: <CAD2Ti2_AQCFJRWiwErEdn1hY0Qms0=znTx3T_CjDQ4kvoKG2OQ@mail.gmail.com> (grarpamp@gmail.com's message of "Thu, 15 Sep 2022 19:00:32 -0400") References: <86h718sqdx.fsf@ltc.des.no> <CAD2Ti2_AQCFJRWiwErEdn1hY0Qms0=znTx3T_CjDQ4kvoKG2OQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
grarpamp <grarpamp@gmail.com> writes: > OPIE is the only PAM that allows printing out the future > secure tokens. Old school, secure, it just works. > > HOTP requires hardware, TOTP requires time, > neither are printable, both of those require some other > [hackable] hw/sw device that costs $$$ money, and > those devices all have different threat/failure/admin models > than simple paper. Neither HOTP nor TOTP require dedicated devices. HOTP codes are sequential and can be pre-generated and printed if that's what you prefer. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86czbwryx0.fsf>