| Jon Stewart on Thu, 5 Aug 2004 13:29:43 -0500 (CDT) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [hosers-talk] opie |
> > A dummy account is used so that trusted hosts can log into the real > > account directly, avoiding the OTP rigamarole. > > > > Clumsy, but I think it should work. > > Two problems: > > 1. Some of the machines from which I log in do not have user-accessible > USB ports, so carrying around a pen drive with my private key wouldn't > help me. That sux0rz. When I use another machine, it is almost always Windows with plentiful USB ports. > 2. I'm not quite sure that I understand the utility of the dummy account. > What exactly do you gain with it over having one account using OTP and > logging in directly to that one? You're still safe from keyloggers. Is it > just that if your one-time pad generating scheme turns out to have a flaw, > then the best that a determined hacker can do is log in to your dummy > account? So I can log into the real account directly from trusted machines, avoiding the hassle of OTPs, i.e. I can log into martial (linux) from ovid (iMac) directly. Jon -- Jon Stewart Advanced Los Angeles C++ stew1@xxxxxxxxxxx http://www.alacpp.org _______________________________________________ hosers-talk mailing list hosers-talk@xxxxxxxxxxx http://lists.ellipsis.cx/mailman/listinfo/hosers-talk