Re: One Time Password support in debian
>>>>> "Jacob" == Jacob Kuntz <jake@megabite.net> writes:
Jacob> that solution has its problems. public key cryptography
Jacob> implimented in java is vulnerable to man-in-the-middle
Jacob> attacks unless it is able to save some data to disk between
Jacob> sessions. i'm not an expert in ssh (or java really) but i
Jacob> recall threads about this. no computer is secure,
Jacob> really. your best bet is to just not do anything too
I think OTPs are also vulnerable to man-in-the-middle attacks, too...
As for programs that support OTP, ftpd and popper in the Heimdal
package have OTP support, but I have never used in ages (strange that
telnet isn't in that list...).
Jacob> sensitive. if all you want is email, get a temporary
Jacob> account that is not linked to anything important. a webmail
Jacob> solution like hotmail would be a good start.
Another option: perhaps some sort of mail <--> WWW gateway might
work. With SSL encryption... Not sure what free mail <--> WWW gateways
exist, I am sure somebody can fill in the details for me.
--
Brian May <bam@debian.org>
Reply to: