On Sat, Aug 27, 2005 at 03:44:14PM +0200, Rickard Dahlstrand wrote: <snip> > Right now the last line just logs the key to syslog instead of sending > it to a phone. Also not that the otp-key password is hardcoded in the > script. Not really a good idea, but I have no choice. (The file is not > world readable) > > Yes, I know this is a hack and that I should probably find something > better to do instead of wasting your time with my crappy code. BUT this > exist, and even thought you don't see the use for it, can you please > just give me a hand in pointing out if this most obvious security concerns. Since SMS is, I'm pretty sure plaintext, it has all the downsides of sending any password in the clear. > > Thanks, Rickard. >
-- BOFH excuse #306: CPU-angle has to be adjusted because of vibrations coming from the nearby road
