On Monday 20 June 2005 01:32 am, Ben Hooper wrote: > |>I thought you had more insight. All of OpenBSD's security is > |at risk with > |>this technology. > |> > |The security features of an OS will not stop a physical attack, no > |matter how well designed. This is no different than the admin leaving > |root's password on a post-it note stuck to the underside of the file > |drawer. If you don't trust your physical environment, change it. In > |this case, I'd remove the 'secure' flag from ttyCn, and use either a > |serial console or SSH in from a keyboard I trusted (by buying > |it myself > |from a retailer, and using appropriate tamper-evident tape). > > > One Time Passwords such as skey(1) are also good for insecure environments. > > Ben.
I just read the man page for skey, but I still don't quite understand how it works. Would I use a calculator to generate a response that I type in response to a challenge, or what?
