Brian W. wrote:
> John H. Robinson, IV wrote:
> >[EMAIL PROTECTED] wrote:
> >
> >>I've not had good luck with this approach and wondered how
> >>others securely call home on a foreign Windoze box.
> >
> >Unless the system is under your control, you don't. End of statement.
> >
> >If there is a keylogger, and you use a passphrase to unlock your key,
> >the attacker has your key and passphrase. Not a good combination.
>
> If you're that concerned use a dynamic challenge response system.

You miss the point. If there is a keylogger (hardware or software) on the system, and you use a One Time Password (OTP) type system, the attacker STILL has a record of all of your keystrokes, and can still recreate (at least your half) of the dialog with the remote system, including any authentications to other remote systems. If you use OTPs everywhere, no authentication tokens are passed. Do you really want someone to have a dialog of your session? Or even just half?

The gist of the message: If you do not control the box, or it is not under the control of someone you trust, then that system has to be considered hostile and untrustable, no matter what you try to do.

> >-john

--
KPLUG-List mailing list
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
