[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sun, 28 Mar 2010, Simon Waters wrote:
tom wrote:Because the intercepted data means nothingIf your PC is compromised data can be intercepted before it is encrypted. Key logger, or just redirect you to a fake site (you couldn't tell).
Or this: http://www.theregister.co.uk/2010/03/26/open_source_wireless_sniffer/
From that article:
"Microsoft made it easy for us because they used their own proprietary crypto," Schroder said. "Xor is not a very proper way to secure data."I like the idea of one-time non-reusable or challenge-response passwords, but it needs a hardware device (or a paper-list!) in conjunction with conventional usernames & passwords... I did try S/Key once - with a real company who were looking at various ways for secure remote authentication... (on top of ssh sessions) It went down like a lead baloon.
RSA datakeys seem good, but rely on accurate time synchronisation, but they're expensive. The nat-west card reader thingy could have been so much better if they'd actually put proper calculator functions into the device!
Someone want to come up with a good challenge/response calculator and make it for under a dollar?
Gordon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html