Date: Tue, 18 Jun 2019 14:59:54 +0700 From: Victor Sudakov <vas@mpeks.tomsk.su> To: freebsd-security@freebsd.org Subject: Untrusted terminals: OPIE vs security/pam_google_authenticator Message-ID: <20190618075954.GA30296@admin.sibptus.ru>
next in thread | raw e-mail | index | archive | help
--fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dear Colleagues, I've used OPIE for many years (and S/Key before that) to login to my system from untrusted terminals (cafes, libraries etc). Now I've read an opinion that OPIE is outdated (and indeed its upstream distribution is gone) and that pam_google_authenticator would be more secure: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237270 Is that truly so? With 20 words in OPIE and only 6 digits in pam_google_authenticator, how strong is pam_google_authenticator against brute force and other attacks? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJdCJn6AAoJEA2k8lmbXsY0s/kH/iNPltrNpBrEdkUD7QYGH1md 1+go/ubYfs3Vnx7Irvu8oBt2eN82iBWyEF8x4K6WuGy2zbxM8VBJXoWKTwlhIjf7 8nGoxhowlJUaov17PClGy/R9meX+Z8cuwtUkwHhLS0FzaobExB7Ibf7eqCdZxoQx GCRluUtGrtOAw073Bxi8iJ5epZJyHmnWHSCABwSegvaZUv+w2Sa9olH6TI3waWIt Jx+oiTPb5CbwsEDjJwH/wxe7yRru25/ahpyEJaDdAq15UOYGzS56yIN+e1KtqHGS ln/k7Z220bXwOXWs1XdBUGWWVnpTVcRfG0eEq33RVYn0SGinkad0g5l8lwTgc0Q= =lbaj -----END PGP SIGNATURE----- --fdj2RfSjLxBAspz7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190618075954.GA30296>