| Joel Uckelman on Thu, 5 Aug 2004 14:22:35 -0500 (CDT) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [hosers-talk] opie |
Thus spake "Jon Stewart": > > > A dummy account is used so that trusted hosts can log into the real > > > account directly, avoiding the OTP rigamarole. > > > > > > Clumsy, but I think it should work. > > > > Two problems: > > > > 1. Some of the machines from which I log in do not have user-accessible > > USB ports, so carrying around a pen drive with my private key wouldn't > > help me. > > > That sux0rz. When I use another machine, it is almost always Windows with > plentiful USB ports. I often have one of two situations: 1. The machine is locked down in such a way that the USB ports are turned off. 2. The machine is sitting somewhere inaccessible. > > 2. I'm not quite sure that I understand the utility of the dummy account. > > What exactly do you gain with it over having one account using OTP and > > logging in directly to that one? You're still safe from keyloggers. Is it > > just that if your one-time pad generating scheme turns out to have a flaw, > > then the best that a determined hacker can do is log in to your dummy > > account? > > So I can log into the real account directly from trusted machines, > avoiding the hassle of OTPs, i.e. I can log into martial (linux) from ovid > (iMac) directly. Ok, so the dummy account adds convenience only? If using OTP all the time doesn't bother me, then the simpler setup is, well, simpler? -- J. _______________________________________________ hosers-talk mailing list hosers-talk@xxxxxxxxxxx http://lists.ellipsis.cx/mailman/listinfo/hosers-talk