OPIE considered insecure
Daniel Roethlisberger
daniel at roe.ch
Wed Feb 11 07:12:38 PST 2009

Dag-Erling Smørgrav <des at des.no> 2009-02-11:
> Daniel Roethlisberger <daniel at roe.ch> writes:
> > Your statement is of course correct, logging in from
> > untrusted machines can never be secure.  However, OPIE still
> > raises the bar on the required capabilities for an attack
> > (active, real-time attack versus passive keylogging / data
> > dumping).
> 
> This conversation reminds me of a flipchart outside the
> terminal room at an early BSDCon, with a list of passwords
> sniffed from the network and something like "if your password
> is listed below, you should consider using SSH" :)

:-)

The technical "wrong" or "right" is just one aspect of security.
Security is also about risk management; elimination being only
one possible strategy for adequately dealing with risk.
-- 
Daniel Roethlisberger
http://daniel.roe.ch/
    
    