Joel Uckelman on Thu, 5 Aug 2004 14:22:35 -0500 (CDT)

Re: [hosers-talk] opie

Thus spake "Jon Stewart":
> > > A dummy account is used so that trusted hosts can log into the real 
> > > account directly, avoiding the OTP rigamarole.
> > > 
> > > Clumsy, but I think it should work.
> > 
> > Two problems:
> > 
> > 1. Some of the machines from which I log in do not have user-accessible
> > USB ports, so carrying around a pen drive with my private key wouldn't
> > help me.
> That sux0rz. When I use another machine, it is almost always Windows with 
> plentiful USB ports.

I often have one of two situations:

1. The machine is locked down in such a way that the USB ports are turned 
2. The machine is sitting somewhere inaccessible.

> > 2. I'm not quite sure that I understand the utility of the dummy account.
> > What exactly do you gain with it over having one account using OTP and
> > logging in directly to that one? You're still safe from keyloggers. Is it
> > just that if your one-time pad generating scheme turns out to have a flaw,
> > then the best that a determined hacker can do is log in to your dummy
> > account?
> So I can log into the real account directly from trusted machines, 
> avoiding the hassle of OTPs, i.e. I can log into martial (Linux) from ovid 
> (iMac) directly.

Ok, so the dummy account adds convenience only? If using OTP all the time 
doesn't bother me, then the simpler setup is, well, simpler?


