OPIE considered insecure

Dag-Erling Smørgrav des at des.no
Wed Feb 11 03:47:31 PST 2009


Jason Stone <freebsd-security at dfmm.org> writes:
> Right, but that's not the problem they're trying to solve.  They're
> trying to solve the problem of logging in _from_ an untrusted machine,
> to a trusted machine.

If the machine you're logging in *from* is untrusted, you're SOL.  Even
with OPIE or similar mechanisms, somebody might piggyback on your SSH
connection.  The best you can do is boot from a CD or USB fob you
prepared yourself, and even then, there might be a hardware key logger
installed on the computer.

DES
-- 
Dag-Erling Smørgrav - des at des.no


More information about the freebsd-security mailing list