[lug] OTP

David L. Anselmi anselmi at anselmi.us
Tue Jun 11 11:53:04 MDT 2013


Davide Del Vento wrote:
> I'm switching subject since we're switching topic.
>
>>> Still, I like https://www.yubico.com/products/yubikey-hardware/yubikey/
>>> better
>>
>> You need a separate one for each account you want to authenticate, don't
>> you?
>
> Yes and no. If the account providers agree, they can let me use the
> same one for more than one account.

That would mean that your providers have access to your other accounts, which you might not want. 
That's the advantage public key algorithms have over OTPs.

>> I like smart cards.
>
> Yes, but then you need a reader, and how do you know the reader is not
> compromised if you use a shared one? What if the computer you want to
> use overseas at an internet cafe does not have the smart card reader?
> And if you need many smart cards (do you? I dunno, maybe you can
> program one with all your accounts) your wallet becomes very thick
> (mine is already too thick). More details?

So smart cards do public keys.  You only need one pair and the public one can be shared with all 
your providers (so one card, one PIN only).  The private key doesn't leave the card so the only 
thing compromised hardware gets is your PIN.

You do need more infrastructure to support smart cards but as a user I'd much rather have one ID 
that gets me in everywhere rather than need a separate one each place I go.

Dave
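
The trust difference discussed in this message, as an added example that is not part of the original post. It assumes HOTP (RFC 4226) as a representative shared-secret OTP and uses a constructed, undersized textbook RSA key as a stand-in for the key pair on a smart card; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# --- Shared-secret OTP (HOTP, RFC 4226) ---
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the RFC 4226 one-time password for a counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_verify(stored_secret: bytes, counter: int, submitted: str) -> bool:
    """A provider can only check a code by recomputing it from the secret."""
    return hmac.compare_digest(hotp(stored_secret, counter), submitted)

# --- Public-key challenge/response (textbook RSA, illustration only) ---
# Constructed toy key built from two Mersenne primes: far too small and
# unpadded for real use. On a smart card, D would never leave the card.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))                 # private exponent

def _digest_int(challenge: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n

def card_sign(challenge: bytes) -> int:
    """What the card does once the PIN has unlocked it."""
    return pow(_digest_int(challenge, N), D, N)

def provider_verify(public_key: tuple, challenge: bytes, signature: int) -> bool:
    """A provider stores only (n, e), which cannot produce signatures."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(challenge, n)

def demo() -> dict:
    secret = b"12345678901234567890"              # RFC 4226 test secret
    # Providers A and B both hold `secret`, so A can mint a code B accepts.
    code_minted_by_a = hotp(secret, 1)
    challenge = b"provider-B-nonce-0001"          # constructed challenge
    signature = card_sign(challenge)
    return {
        "a_accepted_at_b": otp_verify(secret, 1, code_minted_by_a),
        "card_accepted": provider_verify((N, E), challenge, signature),
        # A signature captured for one challenge fails against a fresh one.
        "old_signature_rejected": not provider_verify(
            (N, E), b"provider-B-nonce-0002", signature),
    }
```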

