-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin Scheffler wrote:
> On Tuesday, 6 March 2007 06:44, Volodya wrote:
>> One thing that might be done is not having an incredibly secure
>> password protection (just secure enough), but when somebody adds
>> themselves via password they get added in the disabled mode, then the
>> person tells you "It asks me to tell you to enable me" and you do so.
>> If somebody intercepts the password in between and uses it, the second
>> person will get a request to inform you that password has been used
>> already, so you just go and delete the bugger who used it.
>>
>> In other words: Bring security away from the machine and to the person.
>
> Yes, sounds reasonable at first.
> But how to distinguish MITM and the authorized peer?

'Authorised peer' will tell you that an was unable to connect, and then you
know that somebody intercepted the password. Like I said it is *still* a 1 time
password, meaning that if real user typed it the intruder won't be able to use
it, so intruder must do it before the real peer does, which will raise the
alarm since that peer is your friend and you will be immediately informed that
'pass doesn't work, mate'.

          - Volodya

- --
http://freedom.libsyn.com/       Voice of Freedom, Radical Podcast
http://freeselfdefence.info/     Self-defence wiki
http://www.kingstonstudents.org/ Kingston University students' forum

"None of us are free until all of us are free."    ~ Mihail Bakunin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFF7Qe/uWy2EFICg+0RAlFjAKDkypEG+pzTe+4ag4xxyqD+oRhjzACfZT5S
e7tga3oXIvonTaOT0hZb/L8=
=8zKA
-----END PGP SIGNATURE-----
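
The scheme discussed in this thread, modelled as a small state machine. This is an added example, not part of the original message and not code from any project; the `Node` and `Invite` classes, the state names and the peer ids are all assumptions made for illustration. The node itself cannot tell which claimant is the friend; it only refuses the second use and records both identities so the operator can decide after hearing from the friend out of band.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Invite:
    password: str
    claimed_by: Optional[str] = None  # first peer id that presented the password

@dataclass
class Node:
    invites: dict = field(default_factory=dict)  # label -> Invite
    peers: dict = field(default_factory=dict)    # peer id -> "disabled" | "enabled"
    alerts: list = field(default_factory=list)   # (label, first claimant, later claimant)

    def issue_invite(self, label: str) -> str:
        self.invites[label] = Invite(secrets.token_urlsafe(9))
        return self.invites[label].password

    def redeem(self, label: str, password: str, peer_id: str) -> str:
        inv = self.invites.get(label)
        if inv is None or not hmac.compare_digest(inv.password.encode(), password.encode()):
            return "rejected"
        if inv.claimed_by is not None:
            # One-time password presented again: refuse and record both identities.
            self.alerts.append((label, inv.claimed_by, peer_id))
            return "already-used"
        inv.claimed_by = peer_id
        self.peers[peer_id] = "disabled"  # added, but not usable until enabled
        return "pending"

    def enable(self, peer_id: str) -> bool:
        # Operator action, taken only after the friend confirms out of band.
        if self.peers.get(peer_id) != "disabled":
            return False
        self.peers[peer_id] = "enabled"
        return True

    def delete(self, peer_id: str) -> None:
        self.peers.pop(peer_id, None)

def interception_scenario() -> tuple:
    node = Node()
    pw = node.issue_invite("friend")
    first = node.redeem("friend", pw, "peer-X")   # constructed ids; X got there first
    second = node.redeem("friend", pw, "peer-Y")  # the friend, who then reports the failure
    node.delete("peer-X")                         # operator removes the unconfirmed peer
    return first, second, node.alerts, node.peers
```

In this model the friend needs a fresh invite after the operator deletes the unconfirmed peer, since the original password stays spent.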