Bugtraq mailing list archives
Re: otp - the next generation
From: Szilveszter Adam <sziszi () PETRA HOS U-SZEGED HU>
Date: Fri, 23 Mar 2001 00:35:44 +0100
Hello,

Although the system you present is interesting and promising (and I have not heard of any such systems for Linux yet, although commercial solutions of this kind already exist), I would like to focus everybody's attention on two minor things.

1) AFAIK mobile communications are *not* encrypted. This means that... yes, you guessed it. It is more difficult than the average wire-sniff attack but only because there are fewer tools out there from the likes of tcpdump(1).

2) Also, all SMS-es go through the mobile service provider's SMS center or whatever it is called in English. If the phone you are authenticating to belongs to a different provider, then even two such centers are used. Of course, manipulating messages (or even just reading them) there would require access to the GSM provider's infrastructure, but it is another facet you shouldn't neglect.

This, of course, is nothing new:-) But in this wireless age when mobile communications is becoming more and more important I guess we'll need a new approach to security and soon such statements will be as routine as "telnet transmits passwds in the clear" is now. But until then it never hurts to repeat them:-)

Good luck with your studies & work in the USA, Lukasz!

--
Regards:
Szilveszter ADAM
Szeged University
Szeged Hungary