Date:      Thu, 12 Feb 2009 05:07:09 +1100
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        Lyndon Nerenberg <lyndon@orthanc.ca>
Cc:        freebsd-security@freebsd.org
Subject:   Re: OPIE considered insecure
Message-ID:  <20090211180709.GB1467@server.vk2pj.dyndns.org>
In-Reply-To: <alpine.BSF.2.00.0902091519580.61088@mm.orthanc.ca>
References:  <200902090957.27318.mail@maxlor.com> <20090209170550.GA60223@hobbes.ustdmz.roe.ch> <alpine.BSF.2.00.0902091246280.61088@mm.orthanc.ca> <20090209134738.G15166@treehorn.dfmm.org> <alpine.BSF.2.00.0902091402040.61088@mm.orthanc.ca> <20090209224806.GB63675@hobbes.ustdmz.roe.ch> <alpine.BSF.2.00.0902091519580.61088@mm.orthanc.ca>

On 2009-Feb-09 15:30:33 -0800, Lyndon Nerenberg <lyndon@orthanc.ca> wrote:
> From what you're describing, I would be more inclined to carry a bootable
> OS on that USB stick and reboot into that.

Keep in mind that libraries, internet cafes etc aren't going to be keen
on you turning up with some (to them) random USB stick and wanting to
reboot their pride-and-joy off it.

I suspect your choices are to either use OPIE (or some adaption thereof)
with ssh on an untrusted computer and assume that anything you type will
be logged or carry your own trusted computer and use some form of wireless
(3G, NextG etc) to communicate with your systems.

Note that using very large sequence numbers should slow down an
attacker (though only linearly) since they still need to iterate
MD5 by that many rounds.

-- 
Peter Jeremy
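
The linear cost mentioned in the message above, as an added example that is not part of the original e-mail or of OPIE's code: a sketch of the RFC 2289 OTP-MD5 chain (the scheme OPIE implements) that counts MD5 invocations per response. The function names are hypothetical, and the passphrase and seed are the RFC 2289 Appendix C test values.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One OTP-MD5 step: MD5, then XOR the digest halves down to 64 bits."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp_md5(passphrase: str, seed: str, seq: int):
    """Return (otp, md5_calls) for sequence number seq (RFC 2289)."""
    if seq < 0:
        raise ValueError("sequence number must be non-negative")
    # Initial step: the seed is lowercased and prepended to the passphrase.
    value = fold_md5(seed.lower().encode("ascii") + passphrase.encode("ascii"))
    calls = 1
    # Computation step: one more fold per unit of sequence number.
    for _ in range(seq):
        value = fold_md5(value)
        calls += 1
    return value, calls


def server_accepts(stored_otp: bytes, response: bytes) -> bool:
    """Server check: hashing the response once must give the stored OTP."""
    return hmac.compare_digest(fold_md5(response), stored_otp)


if __name__ == "__main__":
    phrase, seed = "This is a test.", "TeSt"  # RFC 2289 Appendix C test values
    for seq in (99, 999, 9999):
        otp, calls = otp_md5(phrase, seed, seq)
        print(f"seq={seq:5d} otp={otp.hex().upper()} md5_calls={calls}")
    stored, _ = otp_md5(phrase, seed, 100)   # what the server keeps
    answer, _ = otp_md5(phrase, seed, 99)    # what the user sends next
    print("accepted:", server_accepts(stored, answer))
```

Deriving one response costs seq + 1 MD5 calls, so going from sequence number 99 to 9999 raises the work per derivation from 100 to 10000 calls, which is linear growth.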
