Date: Wed, 19 Jun 2019 09:05:12 +0700 From: Victor Sudakov <vas@mpeks.tomsk.su> To: freebsd-security@freebsd.org Subject: Re: Untrusted terminals: OPIE vs security/pam_google_authenticator Message-ID: <20190619020512.GA64608@admin.sibptus.ru> In-Reply-To: <CA%2BQLa9AkOwM14nxgXmmiH8TFewaT6HGjq7vzRQ5u4YNFNh-W-w@mail.gmail.com> References: <20190618075954.GA30296@admin.sibptus.ru> <CA%2BQLa9AkOwM14nxgXmmiH8TFewaT6HGjq7vzRQ5u4YNFNh-W-w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--qMm9M+Fa2AknHoGS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Robert Simmons wrote: >=20 > To throw a new wrinkle in the equation: Google Authenticator codes can be > intercepted by a phishing page.=20 In my case, no page is involved, just the FreeOTP app on my Android phone (which is less convenient than a sheet of paper with OPIE passwords, but I can live with that). > U2F protocol is even better, and can't be > intercepted via phishing. >=20 > There are U2F libraries in ports. >=20 > https://en.wikipedia.org/wiki/Universal_2nd_Factor U2F (and Yubikey) require purchase of hardware devices. In this sense, they are not replacements for OPIE, which is a pure software solution.=20 Back to my original question. 1. Is it safe to keep OPIE in the base system? Its upstream project is gone. It is not IPv6 ready. It uses MD5. 2. If OPIE is not safe anymore, which is a good software replacement?=20 --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --qMm9M+Fa2AknHoGS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJdCZhYAAoJEA2k8lmbXsY0YtgH/3W6x6I99qbATT/cNMtd+KGq fyOHglgWJn73720MpidV6cZbTwHMhAaRISFxXRAT2VAqN/zwvrgS1rRVVgTJR7Ob NxrrzgA25YG1NbhEMdltGqSOk8oca8TRK0SY54tk3cs2YGL5Msf/Fhssbmj2iQbM evavbdBwY7DJxOojdzvOYo56sa5DYwjax9ngwHtcwJp/24f5rEgbyoGP60/mrEsn ko3UPS0P3jK7ujo9/5OtIovyjh1vCY45abb7SQ/KarrOV7VfNTJy1ISnSiPYVXWT 4mpSsfq4AOTUxnxjgzg/DN70HT6sW4QiJsL3yFvLMGFUah3ICiKnYOeMODsLqNU= =q8wU -----END PGP SIGNATURE----- --qMm9M+Fa2AknHoGS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190619020512.GA64608>