D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Linux to the rescue part2

 

On Sun, 28 Mar 2010, Simon Waters wrote:

tom wrote:
Because the intercepted data means nothing
If your PC is compromised data can be intercepted before it is
encrypted. Key logger, or just redirect you to a fake site (you couldn't
tell).
Or this:

  http://www.theregister.co.uk/2010/03/26/open_source_wireless_sniffer/

From that article:
  "Microsoft made it easy for us because they used their own proprietary
  crypto," Schroder said. "Xor is not a very proper way to secure data."

I like the idea of one-time non-reusable or challenge-response passwords, but it needs a hardware device (or a paper-list!) in conjunction with conventional usernames & passwords... I did try S/Key once - with a real company who were looking at various ways for secure remote authentication... (on top of ssh sessions) It went down like a lead baloon.
RSA datakeys seem good, but rely on accurate time synchronisation, but 
they're expensive. The nat-west card reader thingy could have been so much 
better if they'd actually put proper calculator functions into the device!
Someone want to come up with a good challenge/response calculator and make 
it for under a dollar?
Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html