Menu
▾
▴
Re: [Devil-Linux-discuss] hard tokens
|
From: Moray M. <mmc...@ox...> - 2008-10-24 13:50:59
|
>What's the difference between a USB/software key and just putting your private key on a USB stick? Two-factor: "something you have and something you know". Sure you can steal the USB key, but how these things often work is that you enter a passcode which you know into the software or hardware, and it gives you back a one-time key. You can only get a valid one-time key if you know the passcode and if you have the device which matches that passcode. So to steal it you need to steal the password and the device from the user. One of the funniest things I've ever seen in my working life is when a user brought out his credit-card-sized OTP generator and it turned out he had written his passcode in indelible ink on the back :-> DUHH! m. ------------------------------------- Moray McConnachie Head of IS +44 1865 261 600 Oxford Analytica http://www.oxan.com -----Original Message----- From: Bruce Smith [mailto:bw...@re...] Sent: 24 October 2008 12:33 To: dev...@li... Subject: Re: [Devil-Linux-discuss] hard tokens I admit that I've never researched this subject, but ... Can't software tokens and USB keys easily be copied? Doesn't that defeat the purpose? - BS > I found some infos, in case someone else is interested too. > It's all free and seems to work with software tokens, so a hardware > token should hopefully work too. > > http://www.oiepoie.nl/2008/05/02/free-strong-two-factor-authentication > -using-one-time-passwords-on-your-mobile-phone/ > http://www.tri-dsystems.com/documentation/quickstart.html > http://fbq.hamal.nl/index.php/archives/8#more-8 > > -- > > Regards > Heiko Zuerker > http://www.devil-linux.org ------------------------------------------------------------------------ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
