OPIE considered insecure
Dag-Erling Smørgrav
des at des.no
Wed Feb 11 03:47:31 PST 2009
Jason Stone <freebsd-security at dfmm.org> writes:
> Right, but that's not the problem they're trying to solve. They're
> trying to solve the problem of logging in _from_ an untrusted machine,
> to a trusted machine.
If the machine you're logging in *from* is untrusted, you're SOL. Even
with OPIE or similar mechanisms, somebody might piggyback on your SSH
connection. The best you can do is boot from a CD or USB fob you
prepared yourself, and even then, there might be a hardware key logger
installed on the computer.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list