Guylhem, 05.05.2012 23:50:
> I was thinking about someone at work behind a company firewall where
> maybe only outgoing port 80 and port 23 are opened, along with deep
> packet inspection to avoid ssh listening on port 80. Or add port 443
> to the list, but with the server decrypting the SSL and reencrypting
> it as its own certificate authority that is installed in the client
> browser, to allow inspection of encrypted data.
>
> Or maybe you prefer to use telnet because you don't have a ssh
> client. Or you are using a computer where you fear a keylogger might
> have been installed.
>
> In any of these cases, you do not want to expose your password. OTP
> is just that: a throwaway password you can use as an alternative in
> any case you don't feel comfortable exposing your password.

Some background info so Guylhem does not need to explain everything incl. the "hows" and "whys" from scratch:

For those who speak German, I found the old Heise article which initially sparked my interest in OPIE five or so years ago:
http://www.heise.de/security/artikel/Einmalpasswoerter-fuer-den-Heimgebrauch-270884.html

You can probably easily find something in English, e.g. this (I have not read it though):
https://www.linux.com/learn/tutorials/317972-weekend-project-one-time-passwords-for-extra-linux-security
