[Noisebridge-discuss] Two factor auth, not SecureID
Jacob Appelbaum
jacob at appelbaum.net
Fri Oct 16 01:31:55 UTC 2009
Seth David Schoen wrote:
> Jacob Appelbaum writes:
>
>> The apk is available from the Market but you can also build it yourself:
>>
>> svn co https://barada.svn.sourceforge.net/svnroot/barada barada
>>
>> There's currently no Gnu/Linux userland app and Moxie said he'd take one
>> if someone wants to write it. I'm looking into it at the moment; it
>> seems like it would be a pretty quick app to hack up...
>
> I haven't used the Market because I've avoided ever creating a Google
> account, so I'm happy to find a source for things outside of it.
>
Ah! I think you should ask Moxie or the other developer to put up the
.apk outside of the Market. That's totally reasonable and probably
worthwhile.
> Can you explain the differences in approach of Barada, OPIE, and
> SRP?
>
I believe Barada was implemented because OPIE is a pain to use. It's bad
to lose the little sheet of paper, etc. I can't really speak to the
practicality of SRP vs RFC4226. Perhaps this section of RFC4226 is relevant:

   This work is a joint effort by the OATH (Open AuTHentication)
   membership to specify an algorithm that can be freely distributed to
   the technical community. The authors believe that a common and
   shared algorithm will facilitate adoption of two-factor
   authentication on the Internet by enabling interoperability across
   commercial and open-source implementations.

> Is SHA1-HMAC affected by any of the cryptanalytic problems with SHA-1?
I am not sure. I guess that's probably a bad thing to be unsure about.
Best,
Jake