A USB dongle for one-time passwords
The benefits of OpenKubus include portability and the ability to customize hardware without breaking the bank. The drawback is that the stick and all the servers need to synchronize the serial number. If you need to authenticate against multiple servers, you will need a central server. Tools for managing OpenKubus in larger environments with large numbers of users are still rudimentary.
OpenKubus will not protect you against man-in-the-middle attacks . The service you are calling has to demonstrate authenticity separately. However, the project is an exciting platform for any administrator interested in experimenting.
- "One-Time Passwords" by Udo Seidel, Linux Magazine, November 2008, pg. 22
- USBprog wiring diagram: http://www.embedded-projects.net/usbprog
- Shop for OpenKubus hardware: http://shop.embedded-projects.net
- OpenKubus: http://code.google.com/p/openkubus (in German)
- Installation notes on AVR-GCC: http://www.nongnu.org/avr-libc/user-manual/install_tools.html
- PAM configuration syntax: http://kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html
- Wrapper Generator SWIG: http://www.swig.org/
- Man-in-the-middle attacks: http://en.wikipedia.org/wiki/Man-in-the-middle_attack
New flaw in an old encryption scheme leaves the experts scrambling to disable SSL 3
Lennart Poettering wants to change the way Linux developers talk to each other.
Enterprise giant frees itself from ink and home PCs (and visa versa).
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.