> Ultimately I wonder how much of a future S/Key has now that SSH and
> similar utilities are widely deployed and provide much more
> sophisticated protections, especially session encryption.

Discussing how one could displace the other is not logical - ssh and s/key address two distinct security challenges. ssh by itself provides advanced confidentiality and basic authentication; s/key by itself provides advanced authentication and no confidentiality. Suggesting ssh may replace s/key is like saying "telnet might replace /bin/login".

The future of s/key is probably what it always has been: an otp supplement to the basic Un*x password authentication, regardless of what the access method (ssh, rsh, serial terminal) is.

Some sites I have worked with implement both:
- enforced rsa authentication for remote access via ssh
- s/key authentication for privileged account access.

No security technology or procedure is ultimately secure; it's just a matter of time before l0pht cracks it.

Regards,
--
Dan Frasnelli
Security analyst

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:51 PDT