[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: One Time Password support in debian

>>>>> "Jacob" == Jacob Kuntz <jake@megabite.net> writes:

    Jacob> that solution has its problems. public key cryptography
    Jacob> implimented in java is vulnerable to man-in-the-middle
    Jacob> attacks unless it is able to save some data to disk between
    Jacob> sessions. i'm not an expert in ssh (or java really) but i
    Jacob> recall threads about this. no computer is secure,
    Jacob> really. your best bet is to just not do anything too

I think OTPs are also vulnerable to man-in-the-middle attacks, too...

As for programs that support OTP, ftpd and popper in the Heimdal
package have OTP support, but I have never used in ages (strange that
telnet isn't in that list...).

    Jacob> sensitive. if all you want is email, get a temporary
    Jacob> account that is not linked to anything important. a webmail
    Jacob> solution like hotmail would be a good start.

Another option: perhaps some sort of mail <--> WWW gateway might
work. With SSL encryption... Not sure what free mail <--> WWW gateways
exist, I am sure somebody can fill in the details for me.
-- 
Brian May <bam@debian.org>
Reply to: