OPIE considered insecure
Josh Paetzel
josh at tcbug.org
Fri Feb 13 08:41:12 PST 2009
On Feb 11, 2009, at 7:50 AM, Dag-Erling Smørgrav wrote:
> Daniel Roethlisberger <daniel at roe.ch> writes:
>> Your statement is of course correct, logging in from untrusted
>> machines can never be secure. However, OPIE still raises the bar
>> on the required capabilities for an attack (active, real-time
>> attack versus passive keylogging / data dumping).
>
> This conversation reminds me of a flipchart outside the terminal
> room at
> an early BSDCon, with a list of passwords sniffed from the network and
> something like "if your password is listed below, you should consider
> using SSH" :)
>
> DES
> --
> Dag-Erling Smørgrav - des at des.no
This conversation reminds me of:
http://xkcd.com/538/
Thanks,
Josh Paetzel
More information about the freebsd-security
mailing list