Re: [SAGE] Security tokens

[Jim <jimd@starshine.org>]

On Mon, Jan 20, 2003 at 11:49:32AM -0800, Steve Willoughby wrote:
>> On Fri, Jan 17, 2003 at 09:10:12AM -0800, Jim Hickstein wrote:
 
>>  Warning, it might be nothing more than OPIE (S/Key) ported to Palm
>>  on the one side.
   
> [snip description of MITM attack]
 
>>  My thoughts on this have lead me to a deep suspicion of OTP in 
>>  general.  OTP is fundamentally there when I can't trust my client
>>  software (the copy of ssh on the terminal room computer) or when I
>>  have no choice but to run an insecure protocol (telnet).  If I can
>>  trust my client software then I don't need OTP.  But if I can't, 
>>  I'm not sure I gained much against the possible active MITM!
 
> Actually, a quasi-trivial attack can be made against OTP such as S/Key
> without even requiring any kind of MITM arrangement.  Just the ability
> to snoop the challenge and response on a cleartext channel like telnet.

> So personally, I wouldn't trust OTP in the long term, and if you do use 
> it, (1) use it and then run, don't walk, to (2) change your OTP keys once 
> you do have a secure channel again.  Between (1) and (2) you're vulnerable.
> Better than typing your password in the clear, but not much.

 Are you referring to the Monkey variation of crack?  I was not going
 to bring that one up --- but I'm aware of that problem, too.  

--
Jim Dennis