Re: OPIE considered insecure

2009-03-02 Thread Jon Passki
Could we please kill this thread if it does not have any more to contribute to FreeBSD security specifically?

Jon

On Mar 2, 2009, at 6:32 PM, "Rich Healey" wrote:

-Original Message-
From: owner-freebsd-secur...@freebsd.org [mailto:owner-freebsd-secur...@freebsd.org] On Behalf Of

RE: OPIE considered insecure

2009-03-02 Thread Rich Healey
-Original Message-
From: owner-freebsd-secur...@freebsd.org [mailto:owner-freebsd-secur...@freebsd.org] On Behalf Of Chris Palmer
Sent: Monday, 2 March 2009 1:14 PM
To: freebsd-security@freebsd.org
Subject: Re: OPIE considered insecure

Rich Healey writes:
> I'm thinking about implementi

Re: OPIE considered insecure

2009-03-02 Thread David Wolfskill
On Mon, Mar 02, 2009 at 01:19:32PM -0800, Chris Palmer wrote:
> ...
> Benjamin Lutz writes:
>
> > Because the inconvenience of not using whatever service or data the server is
> > providing is considered greater than the security risk.
>
> But isn't regular password authentication the most conveni

Re: OPIE considered insecure

2009-03-02 Thread Chris Palmer
Michael Ekstrand writes:
> Simple use case: checking e-mail from the library/Internet
> cafe/relative's house. With Mutt or Gnus.

So we're talking about a case in which we don't want attackers who own the untrustworthy client to know our password, but we are okay with them reading and forging th

Re: OPIE considered insecure

2009-03-02 Thread Michael Ekstrand
Chris Palmer writes:
> Rich Healey writes:
>> I'm thinking about implementing OPIE, but after reading this I'm not so
>> sure. What's consensus on the best approach to one time logins?
>
> Why are people logging into their remote servers from assumed-untrustworthy
> clients at all?

Simple use cas

Re: OPIE considered insecure

2009-03-02 Thread Benjamin Lutz
On Monday 02 March 2009 03:14:15 Chris Palmer wrote:
> Why are people logging into their remote servers from
> assumed-untrustworthy clients at all?

Because the inconvenience of not using whatever service or data the server is providing is considered greater than the security risk.

Cheers
Benjamin