Assumptions. As I understand it, you are only concerned about eavesdropping: e.g., that the folks who are monitoring you might record everything you do, and fail to adequately secure those records. You are not worried that they will be actively malicious. For instance, they won't mount a man-in-the-middle attack on you.

Advice. Given this threat model, I think any external authenticator would likely work. For instance, here are three options, any of which should address your needs:

  • Authenticating with an RSA SecurID card would address your concerns, because the SecurID card generates a time-dependent single-use authenticator that is not useful to an attacker if it is subsequently exposed.

  • Another reasonable option would be a smartcard that stores a client cert and private key, and then authenticate using SSL client certs; this is secure, because your private key never leaves the smartcard, and even if the monitors capture the challenge-response values sent over SSL, they won't do any good to an attacker after they are used.

  • You could also use one-time passwords. The one-time password will be recorded, but even if those records later leak, the password will already have been used and will no longer be valid, so it won't be of any use to an attacker.

  • Another possibility would be to use OpenID to authenticate to the website. That still leaves the question of how to authenticate to your OpenID provider, but if you can find an OpenID provider who will allow users to authenticate themselves by any of the three methods above, then you'd be in great shape -- this would let you log in securely to any website that supports OpenID.

  • Beyond the web, if you want to log in to another computer remotely, you could log in via SSH with public-key authentication, with your private key stored on a smartcard. SSH lets you store your private key on a smartcard, so the folks monitoring you never learn your private key (see also here, here, and here).

Basically, the common theme here is to use crypto (e.g., public-key crypto) instead of passwords for authentication.

The primary challenge is that all of these methods require some kind of support from the site you are logging into. If the site doesn't support one-time passwords, SecurID, client certs, OpenID, or SSH -- if it only supports ordinary password authentication -- you're hosed.
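The replay argument in the one-time-password bullet, as an added example that is not part of D.W.'s answer: a small RFC 6238-style TOTP verifier that remembers the last consumed time step, so a code an eavesdropper records is rejected once the legitimate user has spent it. The secret is the RFC 6238 test secret, the timestamps are constructed, and the `OtpVerifier` class and `replay_demo` scenario are assumptions of this example.

```python
import hmac
import hashlib
import struct

STEP = 30      # seconds per time step (RFC 6238 default)
DIGITS = 6     # code length
WINDOW = 1     # tolerate one step of clock skew either side


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: int) -> str:
    """Client side: the code for the current 30 s time step."""
    return hotp(secret, now // STEP)


class OtpVerifier:
    """Server side (hypothetical): each time step may be consumed at most once."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1   # highest step already accepted for this user

    def verify(self, code: str, now: int) -> bool:
        """Accept a code within the skew window unless its step was already used."""
        current = now // STEP
        for step in range(current - WINDOW, current + WINDOW + 1):
            if step <= self.last_used_step:
                continue   # a recorded code for this or an older step is worthless now
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_used_step = step
                return True
        return False


def replay_demo(secret: bytes = b"12345678901234567890", now: int = 59) -> dict:
    """Constructed scenario: the user logs in, an eavesdropper replays the captured
    code right away and again two steps later; the user's next fresh code still works."""
    v = OtpVerifier(secret)
    captured = totp(secret, now)
    return {
        "first_use": v.verify(captured, now),
        "immediate_replay": v.verify(captured, now + 5),
        "late_replay": v.verify(captured, now + 2 * STEP),
        "next_code_works": v.verify(totp(secret, now + 2 * STEP), now + 2 * STEP),
    }
```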

D.W.