(keitai-l) Re: bwute! [i-mode ssh]

From: Wolfgang Slany <wsi_at_dbai.tuwien.ac.at>
Date: 12/13/01
Message-ID: <Pine.BSF.4.43.0112131241400.6186-100000@deneb.dbai.tuwien.ac.at>
On Thu, 13 Dec 2001, Wolfgang Slany wrote:
> You are right (shock !), so I enhanced the script to one-time passwords.
> So how's that?

Just realized that this is also prone to powerful but feasible
man-in-the-middle attacks. BTW, this is also true for ssl and the average
ssh session;  in fact one must be very careful and trust only ssh sessions
where the keys were never transmitted over a network or were on a
compromisable computer.

So, in summary a good ssh iapply that always has the newest patches (after
carefully checking them against trojans) and a user who is very cautious
would be necessary to do it as securely as momentarily possible.

Not so easy after all ...

Wolfgang
Received on Thu Dec 13 13:55:35 2001