Greetings,
Ah, the "one time pad". Remember Venona
(http://en.wikipedia.org/wiki/Venona_project)
This gizmo does indeed sound cool. Far better than the SecurID system.
Regards,
Paul
On Wed, 20 Oct 2010, William Stearns wrote:
Date: Wed, 20 Oct 2010 12:07:10 -0400
From: William Stearns <[email protected]>
Reply-To: Vermont Area Group of Unix Enthusiasts <[email protected]>
To: [email protected]
Subject: Re: Interest in One-Time Password tokens?
Good morning, Josh,
On Tue, 19 Oct 2010, Josh Sled wrote:
William Stearns <[email protected]> writes:
I'll place an order before the end of October to get them here
before November meetings.
As a quick note (a more complete and formal notice will be
forthcoming): the November VAGUE meeting will be on Wednesday, November
10th.
Perfect - they'll be in before then.
This OTP device looks like an even smaller version of a thumb
drive, and also plugs into a USB port. When you press the sole button
on the top it acts like a USB keyboard and spits out a single-use 44
Why couldn't this be provided by free software on my phone?
Of course, a $30 keychain token is much less expensive than a
new smartphone plus the required cell phone and data plans,
but we're converging that way anyways?
It can!
I'm always a fan of fewer devices doing more tasks, and there's
certainly OTP software available for multiple platforms and the iPhone (App
Store/mOTP; not tried it yet).
A decade of teaching for a security training firm has drilled, among
other concepts, the idea that security devices should be _isolated_. Separate
physical systems, separate VMs, separate network segments, few or no
services to access them, etc. In this case, the Yubikey gives that isolation
quite handily.
The AES key it holds _can't_ come out of the key. At all. Ever. I
can load a new one into it with some customization software, but it's never
coming out.
Cheers,
- Bill
---------------------------------------------------------------------------
"I give up, how DO you keep a mathematician busy for 350 years?"
-- Pierre de Fermat's friend
(Courtesy of Tim Connors <[email protected]>)
--------------------------------------------------------------------------
William Stearns ([email protected], tools and papers: www.stearns.org)
Top-notch computer security training at www.sans.org , www.giac.net
--------------------------------------------------------------------------
Kindest Regards,
Paul Flint
(802) 479-2360