two factor authentication
Darren Tucker
dtucker at zip.com.au
Sun Jul 23 13:32:46 EST 2006
William Ahern wrote:
> On Sun, Jul 23, 2006 at 10:16:12AM +1000, Darren Tucker wrote:
>> Going back to the first part: while requiring both password and
>> public-key would probably improve security, personally I think the
>> private key is another instance of "something you know" (although with
>> the useful property of being able to prove you know it without
>> disclosing it) since it can be copied, printed out, emailed...
>
> Excluding public keys exported from a smart card. For real smart cards (i.e.
> not USB memory sticks w/ a PKCS#11 library), the private key is not known
> even by the user holding the card (unless you work at IBM and own an
> electron scanning microscope).
That's true, and I should have mentioned it. My statement above applies
only to the standard file-based public-key authentication (i.e.
~/.ssh/id_rsa and friends).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
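The "require both password and public-key" arrangement discussed above, written out as an added sshd_config example that is not part of the thread; it assumes OpenSSH 6.2 or later (which introduced the AuthenticationMethods directive) and a hypothetical group "hwtoken" for users whose keys live on smart cards:

```sshd_config
# Added example (not from the thread): require BOTH a public key and a
# password for every login, so a copied ~/.ssh/id_rsa on its own is not
# sufficient. Assumes OpenSSH 6.2+, which added AuthenticationMethods.
PubkeyAuthentication yes
PasswordAuthentication yes
# Comma-separated = every listed method must succeed, in this order.
AuthenticationMethods publickey,password

# Assumption: a group "hwtoken" whose members keep their private key on a
# real smart card. For them the key cannot be copied out, so it behaves as
# a possession factor and the key alone is accepted.
Match Group hwtoken
    AuthenticationMethods publickey
```

After editing, `sshd -t` checks the file for syntax errors before the daemon is reloaded.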