Nomoa.com


bsdtalk117 - One Time Passwords

Soap Box
Posted by: Samiuela LV Taufa on June 14, 2007 3:29:00 PM

Will Backman has a great podcast on how you can better secure your communications between yourself and your servers from remote unsecured spaces through the use of One Time Passwords (passphrases) on FreeBSD, NetBSD, and OpenBSD.

The Joy of S/Key

One Time Passwords (OTP) are certainly nothing new. In fact, they have been in use for over ten years. The idea is essentially very simple: every time you log in to a system, you use a different password. If someone were to eavesdrop on the connection, the password they captured would be useless to them.

In 1994, Neil Haller of Bellcore announced the “S/KEY One Time Password System” at the Symposium on Network and Distributed System Security. It described a practical way to implement OTP that was both secure and simple. Over the years it has matured into a strong, practical system that is now described by RFC 2289.

The initial summary of Will's podcast is:

bsdtalk117 - One Time Passwords

  • Important when you don't trust the computer you are using, such as a library computer or internet kiosk.
  • Available by default in Free/Net/Open BSD.
  • FreeBSD uses OPIE, Net/Open use S/Key.
  • One time passwords are based on your pass phrase, a non-repeating sequence number, and a seed.
  • Initial setup should be done directly on the server.
  • "skeyinit" for Net/Open, "opiepasswd -c" for FreeBSD.
  • Now you can safely (?) login to your machine from insecure locations.
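To make the pass phrase, sequence number and seed relationship concrete, here is an added example (not code from the podcast or from the BSD tools) of the RFC 2289 hash chain using its MD5 variant. The `Server` class and `demo` function are hypothetical names, and the six-word encoding of the 64-bit value is left out.

```python
import hashlib
import hmac


def fold_md5(data: bytes) -> bytes:
    """One RFC 2289 hash step: MD5, then XOR the two 8-byte halves to 64 bits."""
    d = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))


def otp(passphrase: str, seed: str, seq: int) -> bytes:
    """64-bit one-time password for sequence number `seq`."""
    # Initial step: the seed is lowercased and prepended to the pass phrase.
    value = fold_md5(seed.lower().encode() + passphrase.encode())
    for _ in range(seq):  # then the hash is applied `seq` more times
        value = fold_md5(value)
    return value


class Server:
    """Hypothetical verifier: stores the last accepted OTP, never the pass phrase."""

    def __init__(self, seed: str, seq: int, last_otp: bytes):
        self.seed, self.seq, self.last = seed, seq, last_otp

    def challenge(self):
        return self.seq - 1, self.seed  # the sequence number counts down

    def verify(self, response: bytes) -> bool:
        if self.seq <= 0:
            return False  # chain exhausted: setup has to be run again
        # Hashing the response once must reproduce the stored value.
        if not hmac.compare_digest(fold_md5(response), self.last):
            return False
        self.last, self.seq = response, self.seq - 1
        return True


def demo():
    phrase, seed = "This is a test.", "TeSt"  # RFC 2289 test inputs
    server = Server(seed, 100, otp(phrase, seed, 100))  # setup, done on the server
    seq, s = server.challenge()
    captured = otp(phrase, s, seq)      # what a keylogger would record
    first = server.verify(captured)     # accepted once
    replay = server.verify(captured)    # the same value is rejected afterwards
    seq2, _ = server.challenge()
    return first, replay, server.verify(otp(phrase, seed, seq2)), seq2


if __name__ == "__main__":
    print(otp("This is a test.", "TeSt", 0).hex(), demo())
```

Because the hash is one-way, a captured response for sequence number 99 does not let anyone compute the response for 98, which is what the next login will ask for.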

Again from The Joy of S/Key

It is true that SSH arguably does a better job of protecting passwords from eavesdroppers. In fact SSH provides for more than that, and it also protects all content from eavesdroppers. However there is one very common form of attack to which SSH is not immune: keylogging. Keyloggers record the keys you hit, and they don't care whether you're using an SSH client or telnet. They have to be installed on the machine you are using, either in software or hardware. However, now that we live in the age of Microsoft and Cybercafes, using a trojanised machine is all too easy to do. What most people don't realise is that SSH, or at least OpenSSH, is already S/KEY aware. So why not use it?

So, please download and listen to the podcast.

Reference:

Wikipedia: S/Key
