[fw-wiz] Token based OTP: SafeWord or SecurID?
Mon, 25 Sep 2000 12:21:54 -0700
>On the other hand, it makes the PIN weaker since it can be sniffed. Does
>anyone think this matters?
>firstname.lastname@example.org roseville, minnesota
Used in conjunction with SSH or some other encrypted protocol it matters
much, used in conjunction with telnet I would say it still matters
somewhat..although telnet or other cleartext authentification is a bad idea
in any event because someone who could sniff you secure ID could just as
easily hijack your session..
The only real use of a PIN prevents someone who has stolen the card from
gaining immediate access to the system of course this is assuming you don't
let your users use 1234 as their secure pin :)...
Out of curiosity does anyone know if there are Smart-Card security cards
out there the work on public Key cryptography? (Computer passes you a
random token, card signs it and passes it back? System verifies it by
checking against public key) obvious drawback of this type of system is of
course you need extra hardware on your workstations...Unless of course you
could interface it with floppy/pcmcia/Serial/Parallel/etc...