Posted Sep 2, 2011 7:12 UTC (Fri) by job (guest, #670)
Replay attacks? That's serious. I believe they are supposed to use some session identifier against that. Do you have more details?
Two-factor authentication
Posted Sep 3, 2011 11:00 UTC (Sat) by Cato (subscriber, #7643)
I found this from 2 years ago - replay attack due to a bug in the Yubico authentication server, since fixed by Yubico: http://www.grennan.com/?p=113
It's up to the authentication server to do the right checks, so perhaps some authentication servers have bugs.
I'd like to see more on this claimed replay attack, too.
Two-factor authentication
Posted Sep 10, 2011 6:51 UTC (Sat) by Cato (subscriber, #7643)
I think this is a reference to the fact that Yubikey's model is event-based one-time passwords, as with HOTP which it does support as an option. These comments include a response from the vendor explaining more and linking to a third party security analysis: http://www.mnxsolutions.com/security/secure-ssh-and-wordp... - the article talks about using Yubikey to secure SSH and WordPress logins.