[clug] 2 factor authentication in an era of smartphones

Robert Edwards bob at cs.anu.edu.au
Sun Dec 9 20:46:04 MST 2012

On 10/12/12 13:23, Michael James wrote:
> Dear CLUGers,
> Now that smartphones are ubiquitous
>   it might be time to revisit 2 factor authentication.
> Instead of an RSA key-generating token just use
>   an app to provide a One Time Password generator?
> My musings run along these lines:
>    1)	The app is protected by a locally set password
> 	 required to decrypt it.
>    2)	Once decrypted, the app knows a private key,
> 	 registered with the authenticating system.
>    3)	Key and time provide a One Time Password.
>    4)	Asymmetric keys allow authenticating system
> 	 to check OTP without the ability to generate them???
> But there might be some entirely different system possible these days.
> What are people using/investigating?
> michaelj
> PS:  Security is an illusion caused by lack of imagination.

Yubikey (from Yubico: http://www.yubico.com/) have an open-standards
authentication system that I wrote a server and a soft key for some
years ago. Haven't tried to port the soft key to 'droid yet, but that
could be a pre-LCA2013 holiday project...

My (now old) code at:
with the soft key version in softkey.c


Bob Edwards.
