On 16 feb 2010, at 12.06, Peter N. M. Hansteen wrote:

> Per-Olov Sjvholm <p...@incedo.org> writes:
>
>> No one said anything about a password. From where did you get that? I don't
>> have a plain text password.
>
> A port knocking sequence is for most purposes a password, encoded in a
> 16 bit alphabet.  That's it - port numbers run from 0 through 64k,
> although the practical range for portknocking purposes would likely
> exclude the more commonly used ones, mainly in the lower parts.
>
> I've been in the process of almost getting around to writing an
> article about how this limits the usefulness of portknocking as a
> security measure; there's always the question of round tuits.
> keywords: is your password more secure if it's stored as unicode?, the
> well known password guessing botnets, and so forth.
>
> The question of proportionality, as in the importance of your data vs
> the strength of your security measures is certainly relevant, but you
> should also take into consideration how much complexity any given
> security measure adds to your setup versus the actual gain in security.
> Hm. There might actually be an article in there.
>
> - P
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>

We want to lock RSS to our own clients floating around in cyberspace. As
authentication is not widespread in RSS clients, authentication is not
usable. Therefore we have to come up with a different approach. As we want you
to use iGoogle and phones etc., we have to use something that works from all
places. The content is not a secret, but something you have to pay a little
for. So... not critical. Of course you could authenticate with a web browser
and then trigger to open in PF. Probably a little better than just the access
to a dummy IP on a dummy port. But still not as good as I would like.

SSH and authpf is, as far as I know, not possible now, as the SSH client will
freeze on the iPhone (which is widely used here) when going into the background
and switching to the RSS client.

So if anybody can come up with a better approach I will be very happy.
Otherwise I have to create my pflog device parser myself, as obviously no one in
this forum has seen anything similar.

Thanks
Per-Olov

--
GPG keyID: 5231C0C4
GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4
GPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x766ED29D5231C0C4
