opie or s/key with gpg? (fwd)

Atom 'Smasher' atom-gpg at suspicious.org
Wed Oct 8 17:56:27 CEST 2003

> Not pointless.  It's possible to construct examples where OTP could be
> useful (say, a signing service or decryption server that does not give
> general access to the encrypted secret keyring), but it is not
> generally useful as a passphrase-protection mechanism.

in the current form of opie and s/key, i agree... in order for an OTP
mechanism to be helpful in protecting a file, the "standard" opie system
would have to be modified, so even if an attacker had OTP x, it could not
be used to determine OTP x+n (or OTP x-n !!!).

not at all intuitive... the knee-jerk reaction is probably to say that it
can't be done... of course, anyone who's not familiar with s/key or
opie would likely describe those as impossible, too.....


PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

        "Now about Lankhmar.  She's been invaded, her walls
	 breached everywhere and desperate fighting is going
	 on in the streets, by a fierce host which out-numbers
	 Lankhmar's inhabitants by fifty to one -- and equipped
	 with all modern weapons.  Yet you can save the city."

        "How?" demanded Fafhrd.

         Ningauble shrugged.  "You're a hero.  You should know."
                -- Fritz Leiber, "The Swords of Lankhmar"

More information about the Gnupg-users mailing list