On Mon, Mar 30, 2009 at 11:57 AM, Dennis Gilmore <dennis@xxxxxxxx> wrote:
> So doing a little looking around I came across some options that look
> interesting, the following options would mean you need to physically have
> something to login.
>
> yubikey
> http://www.yubico.com/products/yubikey/
> It would require a pam module and for us to set up a server for managing keys.
> It looks to be fairly low cost. It would implement a 2 factor
> authentication.
>
> etoken
> http://www.aladdin.com/etoken/devices/pro-usb.aspx
>

These do look interesting and maybe better than the S/Key 64 bit key. I remember some bad stories about one of the 'Aladdin' companies (there are quite a few who use that name for security products).. but not sure which.

The bigger question is who can we get some 'professional' opinions from? My crypto math is not good so I could not give an opinion of whether one usage of AES-128 versus another usage was equivalent, better, or worse. I would hate for us to end up with any solution that would end up on Schneier's Snake Oil pages.

[I remember one token device that some people I know evaluated a while back that while it stored the key encrypted in AES-128 etc.. it had a register where it stored the unencrypted user token and could be looked at under any OS other than Windows.]

-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams!
So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice"