corr:accesswithoutpasswords-linuxjournal [10/05/2013 22:38]
andrew created
corr:accesswithoutpasswords-linuxjournal [10/10/2013 15:21] (current)
  Submitted by Andrew Stringer (not verified) on Fri, 07/08/2011 - 04:57.

  I agree with many of the points above; passwords on their own can be sniffed if a keylogger is on the machine you are attempting access from. Having an ssl key with a passphrase is an improvement, but the key has to be processed on the potentially compromised computer and the passphrase can be recorded just as easily as a password by a keylogger.

  I have started to use one time passwords with a pam module called Barada. This uses your android phone as a passphrase generator, secured with a PIN.
  Your login application, either ssh or other, needs to support pam of course. On the target machine, you register users and create a seed which is copied to the phone app. To log in, you enter a PIN into the phone app which creates a 6-digit passphrase which is entered in place of your password. This is time limited to approx a 2 minute window.
  If this passphrase is logged, it is of no consequence as it is not valid for reuse.

  As far as I can see, this represents the best combination of security.

corr/accesswithoutpasswords-linuxjournal.txt · Last modified: 10/10/2013 15:21 (external edit)