"Robert G. Brown" <[email protected]> writes:

> On Tue, 24 Mar 2009, Billy Crook wrote:
>
>> And if your users don't like typing long random things in, but you
>> still want them to use one-time credentials:
>> http://www.yubico.com/products/yubikey/
>
> This one I had found -- it isn't exactly like the secureid thing, but it
> looks like it would work in a self-sufficient way, and one can
> overload/reload it with your own AES keys so that you really aren't
> relying in any way on a third party for authentication.

The Yubikey is really nifty. (Of course, it's Swedish. 8^) ) I like the
price and the form factor, and the really clever, in-hindsight-obvious
idea of the Yubikey pretending to be a USB keyboard and entering the OTP
for you.

The one thing I dislike is that it is based on a symmetric scheme. All
AES keys are stored on the authentication server. If the authentication
server ever gets compromised, you have to replace or rekey your entire
deployed base of Yubikeys.

-- 
Leif Nixon - Systems expert
------------------------------------------------------------
National Supercomputer Centre - Linkoping University
------------------------------------------------------------
_______________________________________________
Beowulf mailing list, [email protected]
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
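
The symmetric-scheme concern raised in the message above, as an added Go sketch (not code from the post, the list, or Yubico): the validation server must hold the same AES key and private ID as the token, so its stored row is sufficient to produce an OTP it will accept. The token layout here (6-byte private ID, 2-byte counter, zero padding in one AES-128 block) is a simplified assumption, not the real Yubikey OTP format, and all names and sample values are hypothetical.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

type record struct {
	key       [16]byte
	privateID string
	last      uint16 // highest counter accepted so far
}

// Server maps each user to the same secrets their token holds.
type Server map[string]*record

// mint builds a simplified OTP: AES(key, privateID || counter || zero padding).
func mint(key [16]byte, privateID string, counter uint16) []byte {
	block := make([]byte, aes.BlockSize)
	copy(block, privateID)
	binary.BigEndian.PutUint16(block[6:], counter)
	c, _ := aes.NewCipher(key[:]) // cannot fail for a 16-byte key
	c.Encrypt(block, block)
	return block
}

// Validate decrypts with the stored key, checks the ID and rejects replays.
func (s Server) Validate(user string, otp []byte) bool {
	r := s[user]
	if r == nil || len(otp) != aes.BlockSize {
		return false
	}
	c, _ := aes.NewCipher(r.key[:]) // cannot fail for a 16-byte key
	plain := make([]byte, aes.BlockSize)
	c.Decrypt(plain, otp)
	counter := binary.BigEndian.Uint16(plain[6:8])
	if string(plain[:6]) != r.privateID || counter <= r.last {
		return false
	}
	r.last = counter
	return true
}

func main() {
	key, id := [16]byte{1, 2, 3, 4}, "id0001" // constructed sample secrets
	s := Server{"alice": {key: key, privateID: id}}
	stored := s["alice"] // the row a copy of the server database would contain
	fmt.Println(s.Validate("alice", mint(key, id, 1)), s.Validate("alice", mint(stored.key, stored.privateID, 2)))
}
```

Both calls print `true`: the server cannot tell an OTP from the token apart from one derived from its own stored row, which is why the key store needs the same protection as the tokens themselves.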
