Re: [Otpasswd-talk] Using OTP to kind of fix MITM.
From: Tomasz bla Fortuna
Subject: Re: [Otpasswd-talk] Using OTP to kind of fix MITM.
Date: Tue, 22 Dec 2009 17:56:02 +0100
On Tue, 22 Dec 2009 11:19:52 -0500
Luke Faraone <address@hidden> wrote:
> On Tue, Dec 22, 2009 at 10:52, Tomasz bla Fortuna <address@hidden>
> wrote:
>
> > Problem is with size. Passcards would have to be reorganized
> > somehow. Label can be currently only 29 characters long, which is
> > not enough to fit fingerprint [...]
> > Is it hard to create a key with same 6 fields of fingerprint?
> >
>
> It is computationally feasible with today's technology.
>
> Would it be acceptable to split the key along multiple lines?
I guess.
But it won't fit all:
0f:8a:4e:23:89:74:92:6c:1a:d1:7b:2f:0b:f0:d1:cf
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
Let's see. It generally won't fit simply horizontally nor vertically:
Reactor [1] 01
A B C D E F G 02
1: wU7L Gpo5 #JW6 taB: huCz 8KE+ XuHm 03
2: %gHt WAgM !z8j gf=C fecp iqNa sxLV 04
3: zY2P CbHj T%LF k8dm f#qr qDSe 8JBe 05
4: tKg? tf8D 9t8E gLWG zruA 6jCx aoqi 06
5: ?kKD MyUP xyB+ aL%H 7AAY 8CNY jXBs 07
6: z4iJ RKtT VTks eyjt ecgY !Ap8 syYg 08
7: rhXP dwxk SBzb Vs6H opCN =J9J p%39 09
8: gYNB mW+S SJDS Xhx8 RLqe VncW MMs2 10
9: NsFT 4s!@ ntJA didp u#Wu 2UBB %o#P 11
10: vLnn f!Kt xuT8 FhH: bZA= hRhK MChS 12 <- 4 blocks omitted
01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16 <- won't fit
0102:0304:0506:0708:0910:1112:1314:1516 <- some : removed
0102:0304:0506:07080910:1112:1314:1516 <- this fits
Removing some : and putting horizontally might be easiest way to fit
whole key while retaining some readability.
LaTeX output would have to have two pages. Second with random art +
fingerprint.
Back page could look like this:
xxxxxxxxpasscard width marker xxxxxxxx
01: Hostname
02: 01:02:03:04:05:06:07:08
03: | o. .=.. |
04: | .+ o= o |
05: | .. o..+ = |
06: | . . o B o |
07: |. o S + |
08: |.o . . |
09: |o E |
10: | . |
11: | |
12: 09:10:11:12:13:14:15:16
Or:
xxxxxxxxpasscard width marker xxxxxxxx
01: Hostname
02: +--[ RSA 2048]----+
03: | o. .=.. | Fingerprint:
04: | .+ o= o | 01:02:03:04
05: | .. o..+ = | 05:06:07:08
06: | . . o B o | 09:10:11:12
07: |. o S + | 13:14:15:16
08: |.o . . |
09: |o E |
10: | . |
11: | |
12: +-----------------+
Printing would have to be fairly accurate as there is little
vertical space.
>
> > Also we can place randomart on the back of passcard. It might be a bit
> > tricky to print still. Can PuTTY display randomart?
> >
>
> Not currently. I'll send in a feature request, and will see if the
> algorithm can be extracted from OpenSSH.
>
>
> > We can put whole fingerprint at the end of each passcard; still
> > I've got no idea how to retrieve it from ssh in a program.
> >
>
> $ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
> 2048 0f:8a:4e:23:89:74:92:6c:1a:d1:7b:2f:0b:f0:d1:cf
> /etc/ssh/ssh_host_rsa_key.pub (RSA)
>
This is not perfect as location of keyfile depends on sshd_config
entries which would have to be parsed... But I guess there's no other
way as to call something in terminal and harvest the result.
I thought about simply using API from OpenSSL somehow.
--
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be
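
Added example, not part of the original message and not otpasswd code: a Python sketch of the fingerprint handling discussed above, using the colon-hex MD5 format quoted in the thread. It parses the `ssh-keygen -lf` line, produces the one-line and multi-row card layouts, and compares a printed card against what a client displays. Function names are hypothetical, the 38-column width is read off the "passcard width marker" line, and SAMPLE_PUBKEY is constructed.

```python
import base64
import hashlib
import re

CARD_WIDTH = 38  # assumption: length of the "passcard width marker" line
KEYGEN_LINE = ("2048 0f:8a:4e:23:89:74:92:6c:1a:d1:7b:2f:0b:f0:d1:cf "
               "/etc/ssh/ssh_host_rsa_key.pub (RSA)")  # output quoted in the thread
# Constructed stand-in for a public key line; the blob is not a real key.
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(b"constructed blob").decode() + " host"

def md5_fingerprint(pubkey_line):
    """MD5 of the base64-decoded key blob as 16 colon-separated hex bytes."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_keygen(line):
    """Pull (bits, fingerprint) out of one line of `ssh-keygen -lf` output."""
    m = re.match(r"(\d+)\s+((?:[0-9a-f]{2}:){15}[0-9a-f]{2})(?:\s|$)", line)
    if not m:
        raise ValueError("no colon-hex fingerprint in ssh-keygen output")
    return int(m.group(1)), m.group(2)

def fit_one_line(fp, width=CARD_WIDTH):
    """Pair the bytes, then merge the middle groups until the line fits."""
    parts = fp.split(":")
    if len(fp) > width:
        parts = [a + b for a, b in zip(parts[0::2], parts[1::2])]
    while len(":".join(parts)) > width and len(parts) > 1:
        mid = len(parts) // 2
        parts[mid - 1:mid + 1] = [parts[mid - 1] + parts[mid]]
    line = ":".join(parts)
    if len(line) > width:
        raise ValueError("fingerprint cannot fit in %d columns" % width)
    return line

def fit_rows(fp, per_row=4):
    """Rows for the back page: 4 bytes per row beside the randomart, or 8."""
    parts = fp.split(":")
    return [":".join(parts[i:i + per_row]) for i in range(0, len(parts), per_row)]

def same_fingerprint(printed, shown):
    """Compare card text with the client's display, ignoring separators and case."""
    a, b = (re.sub(r"[^0-9a-f]", "", s.lower()) for s in (printed, shown))
    return len(a) == 32 and a == b

if __name__ == "__main__":
    bits, fp = parse_keygen(KEYGEN_LINE)
    print(fit_one_line(fp), *fit_rows(fp), sep="\n")
```

With the 29-character label width mentioned earlier in the thread, `fit_one_line` raises, since the 32 hex digits alone exceed it.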