opie or s/key with gpg? (fwd)

Atom 'Smasher' atom-gpg at suspicious.org
Wed Oct 8 17:56:27 CEST 2003


> Not pointless.  It's possible to construct examples where OTP could be
> useful (say, a signing service or decryption server that does not give
> general access to the encrypted secret keyring), but it is not
> generally useful as a passphrase-protection mechanism.
======================================

in the current form of opie and s/key, i agree... in order for an OTP
mechanism to be helpful in protecting a file, the "standard" opie system
would have to be modified, so even if an attacker had OTP x, it could not
be used to determine OTP x+n (or OTP x-n !!!).

not at all intuitive... the knee-jerk reaction is probably to say that it
can't be done... of course, anyone who's not familiar with s/key or
opie would likely describe those as impossible, too.....


        ...atom

_______________________________________________
PGP key - http://smasher.suspicious.org/pgp.txt
3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
-------------------------------------------------

        "Now about Lankhmar.  She's been invaded, her walls
	 breached everywhere and desperate fighting is going
	 on in the streets, by a fierce host which out-numbers
	 Lankhmar's inhabitants by fifty to one -- and equipped
	 with all modern weapons.  Yet you can save the city."

        "How?" demanded Fafhrd.

         Ningauble shrugged.  "You're a hero.  You should know."
                -- Fritz Leiber, "The Swords of Lankhmar"




More information about the Gnupg-users mailing list