(keitai-l) Re: bwute! [i-mode ssh]

From: Marc Printz <Marc.Printz_at_724.com>
Date: 12/14/01
Message-ID: <19A252AE8B23D511A1EF00B0D0AB52E84A46E3@inffrimail01.fri.724.com>
A good cure is usually: 

Bruce Schneier's "Applied Cryptography"
http://slashdot.org/books/99/03/11/1623221.shtml

If you need a little better security, check out
http://www.qubit.org/intros/crypt.html
http://www.cs.mcgill.ca/~crepeau/CRYPTO/Biblio-QC.html

Have fun!
Marc
;-)


> -----Original Message-----
> From: Wolfgang Slany [mailto:wsi@dbai.tuwien.ac.at]
> 
> On Thu, 13 Dec 2001, Wolfgang Slany wrote:
> > You are right (shock !), so I enhanced the script to 
> one-time passwords.
> > So how's that?
> 
> Just realized that this is also prone to powerful but feasible
> man-in-the-middle attacks. BTW, this is also true for ssl and 
> the average
> ssh session;  in fact one must be very careful and trust only 
> ssh sessions
> where the keys were never transmitted over a network or were on a
> compromisable computer.
> 
> So, in summary a good ssh iapply that always has the newest 
> patches (after
> carefully checking them against trojans) and a user who is 
> very cautious
> would be necessary to do it as securely as momentarily possible.
> 
> Not so easy after all ...
> 
> Wolfgang
> 
Received on Fri Dec 14 14:48:47 2001