This is a discussion on Re: two factor authentication within the OpenSSH Development forums, part of the Networking and Network Related category.
William Ahern wrote:
> On Sun, Jul 23, 2006 at 10:16:12AM +1000, Darren Tucker wrote:
>> Going back to the first part: while requiring both password and
>> public-key would probably improve security, personally I think the
>> private key is another instance of "something you know" (although with
>> the useful property of being able to prove you know it without
>> disclosing it) since it can be copied, printed out, emailed...
>
> Excluding public keys exported from a smart card. For real smart cards (i.e.
> not USB memory sticks w/ a PKCS#11 library), the private key is not known
> even by the user holding the card (unless you work at IBM and own an
> electron scanning microscope).

That's true, and I should have mentioned it. My statement above applies
only to the standard file-based public-key authentication (ie
~/.ssh/id_rsa and friends).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev