opie or s/key with gpg? (fwd)
dshaw at jabberwocky.com
Wed Oct 8 21:13:21 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, Oct 08, 2003 at 04:56:27PM -0700, Atom 'Smasher' wrote:
> > Not pointless. It's possible to construct examples where OTP could be
> > useful (say, a signing service or decryption server that does not give
> > general access to the encrypted secret keyring), but it is not
> > generally useful as a passphrase-protection mechanism.
> in the current form of opie and s/key, i agree... in order for an OTP
> mechanism to be helpful in protecting a file, the "standard" opie system
> would have to be modified, so even if an attacker had OTP x, it could not
> be used to determine OTP x+n (or OTP x-n !!!).
> not at all intuitive... the knee-jerk reaction is probably to say that it
> can't be done... of course, anyone who's not familiar with s/key or
> opie would likely describe those as impossible, too.....
If you come up with a scheme that prevents an attacker from deriving
OTP x+n from OTP x using the hash-x-times methodology in OPIE, I, and
doubtless many others across the Internet, would be quite interested
to see how.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.3-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----
More information about the Gnupg-users