Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > comp.lang.java.security > #164
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!feeder1.hal-mli.net!nx01.iad01.newshosting.com!newshosting.com!news-out.readnews.com!news-xxxfer.readnews.com!news-out.news.tds.net!newsreading01.news.tds.net!86597e80!not-for-mail |
|---|---|
| From | "Wojtek" <wojtek@THRWHITE.remove-dii-this> |
| Subject | Re: OTP one time password |
| Message-ID | <mn.41a87d898c2cdc5c.70216@a.com> (permalink) |
| X-Comment-To | comp.lang.java.security |
| Newsgroups | comp.lang.java.security |
| In-Reply-To | <m9o0c45rgjlkiohgov9dsdqo4o5s8r1878@4ax.com> |
| References | <m9o0c45rgjlkiohgov9dsdqo4o5s8r1878@4ax.com> |
| Content-Type | text/plain; charset=IBM437 |
| Content-Transfer-Encoding | 8bit |
| X-Gateway | time.synchro.net [Synchronet 3.15a-Win32 NewsLink 1.92] |
| Lines | 40 |
| Date | Wed, 27 Apr 2011 16:08:31 GMT |
| NNTP-Posting-Host | 96.60.20.240 |
| X-Complaints-To | news@tds.net |
| X-Trace | newsreading01.news.tds.net 1303920511 96.60.20.240 (Wed, 27 Apr 2011 11:08:31 CDT) |
| NNTP-Posting-Date | Wed, 27 Apr 2011 11:08:31 CDT |
| Organization | TDS.net |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.java.security:164 |
Show key headers only | View raw
To: comp.lang.java.security Roedy Green wrote : > I am curious about OTP fobs. My sister said they use them at work. > She said she has to key a number that displays on the fob. This > strikes me an unnecessary and just a source of error. Surely the fob > could insert the password, but then why bother with the display? > > Is there some reason for keying it? It is just lazy software writing? You are thinking of USB? I can think of some reasons. Legacy - When these were invented, USB did not exist. And it would be really awkward to plug the FOB into a serial port. If the s/w is on a USB key, then someone could potentially copy the s/w without your knowledge. This would create secret duplicate key FOB. If I remember right, the FOBs do not have a replaceble battery. The entire thing is sealed to prevent possible intrusions. A USB key would need an app on the user's computer to be able to read the FOB. With a value you key in, any machine with a Web browser could be used. > I understand it works by having a clock synched with the server to > change passwords every 30 seconds or so. Yes that is how it works. And the server also allows the previous/next password within a short window, in case the roll over is not exactly synched. -- Wojtek :-) --- * Synchronet * The Whitehouse BBS --- whitehouse.hulds.com --- check it out free usenet! --- Synchronet 3.15a-Win32 NewsLink 1.92 Time Warp of the Future BBS - telnet://time.synchro.net:24
Back to comp.lang.java.security | Previous | Next — Previous in thread | Next in thread | Find similar
OTP one time password "Roedy Green" <roedy.green@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
Re: OTP one time password "Wojtek" <wojtek@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
Re: OTP one time password "David Kerber" <david.kerber@THRWHITE.remove-dii-this> - 2011-04-27 16:08 +0000
csiph-web