On Thu, Jan 27, 2000 at 09:40:35AM -0500, Brandon Palmer wrote: > > Ultimately I wonder how much of a future S/Key has now that SSH and > > similar utilities are widely deployed and provide much more > > sophisticated protections, especially session encryption. > > I think there is definatly still a need. There are many cases in which I > am not on a machine what has ssh (ie some public telnet shell). Though > the session is not encrypted, my password is still safe. Until ssh-java > shells are common, s/key still has it's place. This indicates a rather common misconception. SSH-Java shells should NOT make a public terminal trusted for your password; the TERMINAL is insecure, and is rather likely to be running a keystroke logger. SSH only makes the connection from the box it runs on to the box in the other end secure. Eivind.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:05 PDT