Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 9 Feb 2009 12:49:02 -0800 (PST)
From:      Lyndon Nerenberg <lyndon@orthanc.ca>
To:        Daniel Roethlisberger <daniel@roe.ch>
Cc:        freebsd-security@freebsd.org
Subject:   Re: OPIE considered insecure
Message-ID:  <alpine.BSF.2.00.0902091246280.61088@mm.orthanc.ca>
In-Reply-To: <20090209170550.GA60223@hobbes.ustdmz.roe.ch>
References:  <200902090957.27318.mail@maxlor.com> <20090209170550.GA60223@hobbes.ustdmz.roe.ch>

next in thread | previous in thread | raw e-mail | index | archive | help
> While I agree that OPIE can be improved, I think that the current
> OPIE implementation is still much better than having to use
> passwords from untrusted machines.  I also prefer current OPIE to
> copying SSH private keys to untrusted machines.  So until there
> is a more secure alternative, I really don't think removing OPIE
> would have a positive effect on security.

The machine you are logging IN TO does not require your private key, just
your public key.


--lyndon

   Linux -- Where Quantity is Job One!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.0902091246280.61088>