Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.java.security > #166
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!feeder1.hal-mli.net!nx01.iad01.newshosting.com!newshosting.com!news-out.readnews.com!transit3.readnews.com!news-out.news.tds.net!newsreading01.news.tds.net!86597e80!not-for-mail |
|---|---|
| From | "David Kerber" <david.kerber@THRWHITE.remove-dii-this> |
| Subject | Re: OTP one time password |
| Message-ID | <MPG.232f3a8a699782989683@news.east.cox.net> (permalink) |
| X-Comment-To | comp.lang.java.security |
| Newsgroups | comp.lang.java.security |
| In-Reply-To | <mn.41a87d898c2cdc5c.70216@a.com> |
| References | <mn.41a87d898c2cdc5c.70216@a.com> |
| Content-Type | text/plain; charset=IBM437 |
| Content-Transfer-Encoding | 8bit |
| X-Gateway | time.synchro.net [Synchronet 3.15a-Win32 NewsLink 1.92] |
| Lines | 52 |
| Date | Wed, 27 Apr 2011 16:08:32 GMT |
| NNTP-Posting-Host | 96.60.20.240 |
| X-Complaints-To | news@tds.net |
| X-Trace | newsreading01.news.tds.net 1303920512 96.60.20.240 (Wed, 27 Apr 2011 11:08:32 CDT) |
| NNTP-Posting-Date | Wed, 27 Apr 2011 11:08:32 CDT |
| Organization | TDS.net |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.java.security:166 |
Show key headers only | View raw
To: comp.lang.java.security In article <mn.41a87d898c2cdc5c.70216@a.com>, nowhere@a.com says... > Roedy Green wrote : > > I am curious about OTP fobs. My sister said they use them at work. > > She said she has to key a number that displays on the fob. This > > strikes me an unnecessary and just a source of error. Surely the fob > > could insert the password, but then why bother with the display? > > > > Is there some reason for keying it? It is just lazy software writing? > > You are thinking of USB? > > I can think of some reasons. > > Legacy - When these were invented, USB did not exist. And it would be > really awkward to plug the FOB into a serial port. > > If the s/w is on a USB key, then someone could potentially copy the s/w > without your knowledge. This would create secret duplicate key FOB. > > If I remember right, the FOBs do not have a replaceble battery. The > entire thing is sealed to prevent possible intrusions. > > A USB key would need an app on the user's computer to be able to read > the FOB. With a value you key in, any machine with a Web browser could > be used. > > > I understand it works by having a clock synched with the server to > > change passwords every 30 seconds or so. > > Yes that is how it works. And the server also allows the previous/next > password within a short window, in case the roll over is not exactly > synched. Often it also requires a user-know password in addition to the number on the fob, to ensure that just stealing the fob itself isn't enough to enable unauthorized users to get access. -- /~\ The ASCII \ / Ribbon Campaign X Against HTML / \ Email! Remove the ns_ from if replying by e-mail (but keep posts in the newsgroups if possible). --- * Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet! --- Synchronet 3.15a-Win32 NewsLink 1.92 Time Warp of the Future BBS - telnet://time.synchro.net:24
Back to comp.lang.java.security | Previous | Next — Previous in thread | Find similar
OTP one time password "Roedy Green" <roedy.green@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
Re: OTP one time password "Wojtek" <wojtek@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
Re: OTP one time password "David Kerber" <david.kerber@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
csiph-web