How to address the real problem, a compromised client
Posted by: Anonymous
[ip: 69.17.73.250]
on March 19, 2008 08:47 PM
The real problem is what to do about client machines that have been compromised and are logging every keystroke and every character before encryption for transmission and after decryption for display. The answer is one-time passwords, aka one-time pad (OTP) -- opie in Linux, skey in OpenBSD, etc. Of course, all information transmitted must be considered public, but this simply means that care must be taken to avoid revealing secrets. OTPs allow much useful work to be done from potentially compromised machines, without worrying about compromising access to the remotely administered machines.
Karl O. Pinc <kop@meme.com>