> Aren't USB keys using a challenge and response system where the response is
> only valid when computed with the key. As such the response is accepted only
> once and is difficult, although possible, for a man in the middle steal and
> use before the "real" workstation does
It depends what t
On Mon, 23 Sep 2002, AB Gallun wrote:
> Aren't USB keys using a challenge and response system where the response is
nope, that's secure id card/calculator.
> only valid when computed with the key. As such the response is accepted only
> once and
riginal Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Julius
Szelagiewicz
Sent: Monday, September 23, 2002 9:11 AM
Cc: LTSP Discuss
Subject: Re: [Ltsp-discuss] USB "Keys" LTSP implementation?
Jason,
i just don't see how usb key can be made secure
Jason,
i just don't see how usb key can be made secure. to stop sniffing
attack, the kernel loaded into terminal would have to be able to encrypt
traffic from the keyboard and decrypt traffic from the server. on the
other hand, i've seen a little keyboard port dongle that records all the
k
Julius Szelagiewicz wrote:
>Tim,
> LTSP is inherently vulnerable to network sniffing. as long as
>information travels in plain text over the network, it can be easily
>intercepted. the usb keys are fine, but don't offer real security - they
>can be duplicated with ease. Our only home is tha
Tim,
LTSP is inherently vulnerable to network sniffing. as long as
information travels in plain text over the network, it can be easily
intercepted. the usb keys are fine, but don't offer real security - they
can be duplicated with ease. Our only home is that Jim McQ. will have
enough free
We are currently investigating using USB keys as part of
user authentication to be used at their LTSP workstation.
Has anyone done this type of implementation?
Can anyone forsee any difficulties in having a USB key
at a remote-X workstation authenticating a user running
apps on the main server?