Results 1 to 4 of 4

Thread: One Time Password for FreeBSD

  1. #1
    Senior Member
    Join Date
    Aug 2002

    One Time Password for FreeBSD

    Hi guys/girls Check out this :
    "There is another authentication system known as One Time Passwords (OTP). As the name suggests, you can only use a password once; you aren't allowed to reuse it. An OTP system ensures that a discovered password is useless to the person who discovers it. This can provide a bit more security in a world that contains password crackers, packet sniffers, and keyloggers. "

    The link http://www.onlamp.com/lpt/a/3173

    Not an image or image does not exist!
    Not an image or image does not exist!

  2. #2
    Join Date
    Feb 2003
    Nice .. cool keep on roling sweet_angel ! I have find this info very useful to me ..
    If you have knowlage about some shell activities on the net anounce me please .
    There is no diference betwen God and Devil. The only good and evil is the one we belive in .

  3. #3
    Join Date
    Dec 2002
    nice angel
    been reading about it in my bsd handbook that I just bought!
    shell activity try grex.org or freeshell.org

  4. #4
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Indeed this is a very safe way to prevent "man in the middle" attacks, or other ways of preventing someone from "stealing" your password. The "man in the middle" attack is a form of packet capturing, and resending it at a later time. This attack is mainly used if the loggon procedure is encrypted and the attacker cannot find the password in clear text format. But also be aware that the one time passwords is a good exmaple when we say that security takes away comfort. For many users its really annoying. Banks use this method often. It it indeed high security, but its not so easy to convince users to go through that procedure. Dont get me wrong, i love the one time passwords, its really great...but not so easy to use. I recomend this type of protection only for remote logins, not local ones. (not talking bout shell in this example, but for .htaccses remotely). The bad side with this is that you actually have to keep a piece of paper or a file somewhere which contains all these passwords. Comfort has shown that this piece of paper is never far from the computer itself. It would need a little explaining done for the user who is going to use this method, of do's, and dont's. Im not talking about the AO security gurus, for them its easy to understand and accomplish. Im talking about the admins who will want to implemet this for their users, as a company or any other institution that has many users. Remember that not all users are security orientated. Never the less, excellent post their sweet_angel.

    (did you know that the one way passwords can be encrpyted upto 1024 bits )

    Ubuntu-: Means in African : "Im too dumb to use Slackware"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts