
Re: Backport of the integer overflow in the brk system call



On Thu, 4 Dec 2003 09:42, Bernd Eckenfels <lists@lina.inka.de> wrote:
> On Wed, Dec 03, 2003 at 10:34:13AM +0100, Artur R. Czechowski wrote:
> > What about RSA tokens? This solution does not require any special
> > hardware to connect on the client side.
>
> This also means it does not provide any additional security, besides the
> costs.

What makes you think that?

Such a token uses a cryptographically secure algorithm to generate a new number 
every minute (or other reasonably small time period).  If you don't have the 
token then you don't have one half of what is necessary to authenticate 
yourself and can't log in.

Some tokens just display a number, some require that some sort of pass (either 
a password or a code obtained from the server) be entered into the device and 
the resulting number be returned to the server.  However ssh doesn't support 
custom prompts from the server, so the best we could do is to take a code 
from the device and append it to a password to send to the server.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
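
The scheme described in the message above (token code appended to the password and sent through ssh's single password prompt), sketched as a server-side check. This is an added example, not code from the original post: it uses RFC 6238 TOTP as a stand-in because the page does not describe the RSA token algorithm, and the function names, 6-digit code length, one-step drift window and sample account are assumptions.

```python
import hashlib, hmac, struct

STEP = 60    # seconds per code; the post says "every minute"
DIGITS = 6   # assumed code length

def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(submitted: str, user: dict, now: float, used_steps: set) -> bool:
    """Check a 'password + token code' string received as one password."""
    if len(submitted) <= DIGITS:
        return False
    # The last DIGITS characters are the token code, the rest is the password.
    password, code = submitted[:-DIGITS], submitted[-DIGITS:]
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]),
                                user["pw_hash"])
    # Accept the current step and one either side to tolerate clock drift.
    matched = None
    for drift in (-1, 0, 1):
        t = now + drift * STEP
        if hmac.compare_digest(totp(user["secret"], t).encode(), code.encode()):
            matched = int(t // STEP)
    # Both factors must be right, and a code is accepted only once per step.
    if not pw_ok or matched is None or matched in used_steps:
        return False
    used_steps.add(matched)
    return True

# Constructed sample account; every value here is made up for the example.
SALT = b"constructed-salt"
USER = {"salt": SALT,
        "pw_hash": hash_password("correct horse", SALT),
        "secret": b"12345678901234567890"}
```

Recording accepted time steps in `used_steps` means a captured password-plus-code string cannot be replayed within the same window.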


