>>>>> "Greg" == Greg A Woods <[EMAIL PROTECTED]> writes:
Greg> [ On Thursday, February 11, 1999 at 11:39:47 (+0100), Peter Svensson wrote: ]
>>
>> An example of such a system is one which requires authentication of _all_
>> your actions through a trusted device. This in effect moves the terminal
>> client to the trusted device.
Greg> No, it does not.
Greg> You say you are talking about keys and authentication schemes, but then
Greg> you say that you don't trust the computing device on which the SSH
Greg> client software runs. These are two entirely different and separate
Greg> things.
OK folks, this has become completely non-productive. You're yelling past
each other, with no benefit.
Lets take an example, just for fun:
A friend's machine Evil has been hacked. It's logging all keystrokes,
unbeknownst to said friend.
I log in to Evil, and use SSH to log in to my home machine
I do some stuff, and log off.
31331 hacker Fred logs into Evil, and grabs the keystroke logs
Now, if I logged in with an RSA key, or a re-useable password, I'm fucked.
If, on the other hand, I logged in with a One Time Password, I'm safe, for
some values of safe (did I type any passwords on my network while I was
logged in?)
Take another scenario - this time Fred has also replaced ssh on Evil with a
version that installs trojans on any machine ssh connects successfully to,
and hides it's actions by swallowing terminal output from its commands.
I am now still fucked if I used any re-useable auth.
I am now also fucked if I used OTPs, and Fred was clever enough in his
trojans to create a hole in my home machine.
So, an untrusted client is unsafe. An untrusted client using OTPs is _less_
unsafe that one using some re-useable auth system.
Can we all agree on this?
--
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
