silly password restrictions was:Re: [clug] secure remote access method

Daniel Pittman daniel at rimspace.net
Sat Jun 20 07:28:37 GMT 2009


Robert Edwards <bob at cs.anu.edu.au> writes:
> Daniel Pittman wrote:
>> jm <jeffm at ghostgun.com> writes:
> ...
>>
>>> Things such as yubico help.
>>
>> I don't know; recently it seems that serious security vulnerabilities like
>> local reconfiguration of the key without authentication or authorization are
>> possible...
>
> I think I should clarify here that Yubikeys _can_ be secured from
> reconfiguration when reprogrammed with locally known AES 128-bit keys
> and IDs.

Rereading the document at http://security.dj/?p=4 I see that you are right,
and that issue is just with the default configuration.  I do agree with your
other assessments of the security risks, though.

Regards,
        Daniel

