On Mon, Dec 11, 2017 at 01:47:50PM +0100, Victor Stinner wrote: > 2017-12-11 13:29 GMT+01:00 Stefan Krah <ste...@bytereef.org>: > > Ssh isn't available everywhere, I don't want to install an app or give > > out my phone number to half of Silicon Valley [1]. > > SMS and FreeOTP are just a few options that you have to generate/get OTP. > > I suggest to use Yubikey. It doesn't need to install an app or to give > your phone number, but it costs 50$. The advantage is that you can use > it to store your SSH and GPG keys.
I'm not a fan of hardware key generation. :-) https://en.wikipedia.org/wiki/YubiKey "In October 2017, security researchers found a vulnerability (known as ROCA) in the implementation of RSA keypair generation in a cryptographic library used by a large number of Infineon security chips. The vulnerability allows an attacker to reconstruct the private key by using the public key.[18][19] All YubiKey 4, YubiKey 4C, and YubiKey 4 nano within the revisions 4.2.6 to 4.3.4 are affected by this vulnerability.[20] Yubico publicized a tool to check if a Yubikey is affected and replaces affected tokens for free.[21]" _______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/
