opie or s/key with gpg? (fwd)
Atom 'Smasher'
atom-gpg at suspicious.org
Wed Oct 8 17:56:27 CEST 2003
> Not pointless. It's possible to construct examples where OTP could be
> useful (say, a signing service or decryption server that does not give
> general access to the encrypted secret keyring), but it is not
> generally useful as a passphrase-protection mechanism.
======================================
in the current form of opie and s/key, i agree... in order for an OTP
mechanism to be helpful in protecting a file, the "standard" opie system
would have to be modified, so even if an attacker had OTP x, it could not
be used to determine OTP x+n (or OTP x-n !!!).
not at all intuitive... the knee-jerk reaction is probably to say that it
can't be done... of course, anyone who's not familiar with s/key or
opie would likely describe those as impossible, too.....
...atom
_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------
"Now about Lankhmar. She's been invaded, her walls
breached everywhere and desperate fighting is going
on in the streets, by a fierce host which out-numbers
Lankhmar's inhabitants by fifty to one -- and equipped
with all modern weapons. Yet you can save the city."
"How?" demanded Fafhrd.
Ningauble shrugged. "You're a hero. You should know."
-- Fritz Leiber, "The Swords of Lankhmar"
More information about the Gnupg-users
mailing list