A good cure is usually:
Bruce Schneier's "Applied Cryptography"
http://slashdot.org/books/99/03/11/1623221.shtml
If you need a little better security, check out
http://www.qubit.org/intros/crypt.html
http://www.cs.mcgill.ca/~crepeau/CRYPTO/Biblio-QC.html
Have fun!
Marc
;-)
> -----Original Message-----
> From: Wolfgang Slany [mailto:wsi@dbai.tuwien.ac.at]
>
> On Thu, 13 Dec 2001, Wolfgang Slany wrote:
> > You are right (shock !), so I enhanced the script to
> one-time passwords.
> > So how's that?
>
> Just realized that this is also prone to powerful but feasible
> man-in-the-middle attacks. BTW, this is also true for ssl and
> the average
> ssh session; in fact one must be very careful and trust only
> ssh sessions
> where the keys were never transmitted over a network or were on a
> compromisable computer.
>
> So, in summary a good ssh iapply that always has the newest
> patches (after
> carefully checking them against trojans) and a user who is
> very cautious
> would be necessary to do it as securely as momentarily possible.
>
> Not so easy after all ...
>
> Wolfgang
>
Received on Fri Dec 14 14:48:47 2001