On Sun, May 6, 2012 at 8:22 AM, Alexander Kriegisch <[email protected]> wrote: > Guylhem, 05.05.2012 23:50: >> I was thinking about someone at work behind a company firewall where >> maybe only outgoing port 80 and port 23 are opened, along with deep >> packet inspection to avoid ssh listening on port 80. Or add port 443 >> to the list, but with the server decrypting the SSL and reencrypting >> it as its own certificate authority that is installed in the client >> browser, to allow inspection of encrypted data. >> >> Or maybe you prefer to use telnet because you don't have a ssh >> client. Or you are using a computer where you fear a keylogger might >> have been installed. >> >> In any of these cases, you do not want to expose your password. OTP >> is just that : a throwaway password you can use as an alternative in >> any case you don't feel comfortable exposing your password. > > Some background info so Guylhem does not need to explain everything > incl. the "hows" and "whys" from scratch: > > For those who speak German, I found the old Heise article which > initially sparked my interest in OPIE five or so years ago: > http://www.heise.de/security/artikel/Einmalpasswoerter-fuer-den-Heimgebrauch-270884.html >
It exist an English translation of the above German article :-). [1] http://www.h-online.com/security/features/One-time-passwords-for-home-users-747203.html > Probably you easily find something in English, e.g. this (I have not > read it though): > https://www.linux.com/learn/tutorials/317972-weekend-project-one-time-passwords-for-extra-linux-security > _______________________________________________ > busybox mailing list > [email protected] > http://lists.busybox.net/mailman/listinfo/busybox _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
