From mboxrd@z Thu Jan 1 00:00:00 1970 From: George Michaelson To: 9fans@cse.psu.edu Subject: Re: [9fans] cryptographic signatures & factotum Message-Id: <20040312100305.62df0a5a@as-tech-l.apnic.net> In-Reply-To: References: <559b5ec89e2cfd991a8152e0ceddc88c@snellwilcox.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Date: Fri, 12 Mar 2004 10:03:05 +1000 Topicbox-Message-UUID: 2b402224-eacd-11e9-9e20-41e7f4b1d025 one time pad? easier to port/code than GPG, reasonably secure, easy to deploy. (in the class of hacks to tell the remote to call you back by some trigger event) you could implement a MD5 challenge/response daemon which didn't reveal your token over the wire pretty simply. I've seen mention of some very simple schemes based on sequenced event delivery eg send mail *and* some other event *and* some subsequent event, any one of which is less secure than the combination of all three from the same endpoint. -George