Untrusted terminals: OPIE vs security/pam_google_authenticator
Robert Simmons
rsimmons0 at gmail.com
Tue Jun 18 13:02:31 UTC 2019
Victor,
To throw a new wrinkle in the equation: Google Authenticator codes can be
intercepted by a phishing page. U2F protocol is even better, and can't be
intercepted via phishing.
There are U2F libraries in ports.
https://en.wikipedia.org/wiki/Universal_2nd_Factor
Cheers,
Rob
On Tue, Jun 18, 2019, 04:01 Victor Sudakov <vas at mpeks.tomsk.su> wrote:
> Dear Colleagues,
>
> I've used OPIE for many years (and S/Key before that) to login to my
> system from untrusted terminals (cafes, libraries etc).
>
> Now I've read an opinion that OPIE is outdated (and indeed its upstream
> distribution is gone) and that pam_google_authenticator would be more
> secure: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237270
>
> Is that truly so? With 20 words in OPIE and only 6 digits in
> pam_google_authenticator, how strong is pam_google_authenticator against
> brute force and other attacks?
>
>
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> 2:5005/49 at fidonet http://vas.tomsk.ru/
>
More information about the freebsd-security
mailing list