Re: Backport of the integer overflow in the brk system call
On Thu, 4 Dec 2003 09:42, Bernd Eckenfels <lists@lina.inka.de> wrote:
> On Wed, Dec 03, 2003 at 10:34:13AM +0100, Artur R. Czechowski wrote:
> > What about RSA tokens? This solution does not require any special
> > hardware to connect on the client side.
>
> This also means it does not provide any additional security, besides the
> costs.
What makes you think that?
Such a token uses a cryptoraphically secure algorithm to generate a new number
every minute (or other reasonably small time period). If you don't have the
token then you don't have one half of what is necessary to authenticate
yourself and can't login.
Some tokens just display a number, some require that some sort of pass (either
a password or a code obtained from the server) be entered into the device and
the resulting number be returned to the server. However ssh doesn't support
custom prompts from the server, so the best we could do is to take a code
from the device and append it to a password to send to the server.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: