Re: [SAGE] Security tokens
> On Fri, Jan 17, 2003 at 09:10:12AM -0800, Jim Hickstein wrote:
> Warning, it might be nothing more than OPIE (S/Key) ported to Palm
> on the one side.
[snip description of MITM attack]
> My thoughts on this have led me to a deep suspicion of OTP in
> general. OTP is fundamentally there when I can't trust my client
> software (the copy of ssh on the terminal room computer) or when I
> have no choice but to run an insecure protocol (telnet). If I can
> trust my client software then I don't need OTP. But if I can't,
> I'm not sure I gained much against the possible active MITM!
Actually, a quasi-trivial attack can be made against OTP such as S/Key
without even requiring any kind of MITM arrangement. Just the ability
to snoop the challenge and response on a cleartext channel like telnet.
So personally, I wouldn't trust OTP in the long term, and if you do use
it, (1) use it and then run, don't walk, to (2) change your OTP keys once
you do have a secure channel again. Between (1) and (2) you're vulnerable.
Better than typing your password in the clear, but not much.
--steve
--
Steve Willoughby | Let thy software go forth amid the hostile
Intel DPG Eng. Computing | input, accepting liberally and crashing not,
Engineering Apps Development | yet sending forth only harmless output.
<steve@ichips.intel.com> | -- Matt 10:16 (programmer's translation)
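The S/Key-style hash chain the thread is arguing about, as an added example that is not code from the thread: the server keeps only the last accepted value and a counter, a response copied off the wire fails when replayed, and Steve's step (2) corresponds to re-initialising the chain from a fresh secret. SHA-256 in place of S/Key's folded MD4/MD5 and the seed values are assumptions.

```python
import hashlib

def h(x: bytes) -> bytes:
    """One link of the chain (assumption: SHA-256 stands in for S/Key's folded MD4/MD5)."""
    return hashlib.sha256(x).digest()

def chain(secret: bytes, n: int) -> bytes:
    """H^n(secret): the client computes this for the sequence number the server asks for."""
    x = secret
    for _ in range(n):
        x = h(x)
    return x

class SKeyServer:
    """Verifier side: stores H^n(secret), never the secret itself."""
    def __init__(self, secret: bytes, n: int):
        self.reseed(secret, n)

    def reseed(self, secret: bytes, n: int) -> None:
        # Step (2) in the mail: start a new chain once a secure channel exists.
        self.n = n
        self.stored = chain(secret, n)

    def challenge(self) -> int:
        # The sequence number sent in clear; the client must answer with H^(n-1).
        return self.n - 1

    def verify(self, response: bytes) -> bool:
        if self.n <= 0 or h(response) != self.stored:
            return False
        self.stored = response      # accepted value becomes the new anchor
        self.n -= 1                 # each password is usable exactly once
        return True

def demo() -> list:
    """Constructed walk-through; returns the verify() outcomes in order."""
    secret = b"constructed-seed-1"
    srv = SKeyServer(secret, 5)
    results = []
    otp = chain(secret, srv.challenge())          # legitimate answer to challenge 4
    results.append(srv.verify(otp))               # True: first use
    results.append(srv.verify(otp))               # False: the same OTP seen on the wire again
    srv.reseed(b"constructed-seed-2", 10)         # new chain after regaining a secure channel
    results.append(srv.verify(otp))               # False: old chain values are now worthless
    results.append(srv.verify(chain(b"constructed-seed-2", srv.challenge())))  # True
    return results
```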