From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <40510FE8.50709@nospam.com> From: bs User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 MIME-Version: 1.0 To: 9fans@cse.psu.edu Subject: Re: [9fans] cryptographic signatures & factotum References: <20040312100305.62df0a5a@as-tech-l.apnic.net> In-Reply-To: <20040312100305.62df0a5a@as-tech-l.apnic.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 11 Mar 2004 20:18:32 -0500 Topicbox-Message-UUID: 2b6941d6-eacd-11e9-9e20-41e7f4b1d025 George Michaelson wrote: > one time pad? > > easier to port/code than GPG, reasonably secure, easy to deploy. > > (in the class of hacks to tell the remote to call you back by some trigger event) > > you could implement a MD5 challenge/response daemon which didn't reveal your > token over the wire pretty simply. > > I've seen mention of some very simple schemes based on sequenced event delivery > eg send mail *and* some other event *and* some subsequent event, any one of > which is less secure than the combination of all three from the same endpoint. > > -George SASL & OTP (one time password)?