| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <439038E4.9558.2C79C48C@gmail.com> Date: Thu Dec 1 23:07:11 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Most common keystroke loggers? php0t wrote: [top-posting-itis corrected] > > I agree but what about the second random password and challenge > > authentification? Both should be unique and usage once. > > How'bout adding direct printing on lpt of new one-time usage passwords? :) So you will limit access to your services to only those that happen to have a printer with them? Note to self -- buy larger laptop carry bag and "protable" printer so can keep using online banking... 8-) > In order to get the passwords, they'd have to hook the printing, too. Not > too common, yet. In fact, so uncommon I've not heard of it. Irrelevant though -- it is far too easily broken and if the OP is trying to protect anything sufficiently "valuable" you can bet it will be broken, as doing so is just too easy... (And I won't even get started on the need of such a web-based system to require ActiveX and/or system-access privileged Java applets to work at all "properly", but will note that, as a general rule, if you need your users to lower or weaken the security of their machines to improve the security of your system, then there is something fundamentally borked in _your_ design!) Regards, Nick FitzGerald
Powered by blists - more mailing lists