Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [CISSP-D] Dynamic Password

from [Roshan Mani] Network Security [Permanent Link]
Subject: RE: [CISSP-D] Dynamic Password
Date: Tue, 7 Jun 2005 10:58:57 +0530 
Hi,

In continuation with what Clement said, typical implementations of random
passwords or OTP's are 2 factor, through the use of time-synchronous tokens
or other crypto tokens! I've come across another interesting deployment of
OTP's which would translate to a 1.5 factor (i.e. falls between static
passwords and token based OTP systems)!

Under the 1.5 system, a random password string could be sent to you through
various delivery mechanisms (i.e. SMS, web-page etc) and you have a
previously registered PIN (what you know) which is used to extract the
actual login password from the random password string! This way the login
password is different for every authentication attempt and takes care of
issues like key-stroke loggers, shoulder surfing, password crackers etc.,
all without the use of physical token devices to generate/carry the
password!

This system is really useful for those who want to implement stronger
authentication than static passwords but are restrained by costs of
deployment of crypto or time-synchronous tokens!!

Regards,
Roshan Mani

-----Original Message-----
From: CISSP-Discuss@yahoogroups.com [mailto:CISSP-Discuss@yahoogroups.com]
On Behalf Of Clement Dupuis
Sent: 06 June 2005 16:36
To: 'huang_qinghua'
Cc: CISSP-Discuss@yahoogroups.com
Subject: RE: [CISSP-D] Dynamic Password

In most implementation it will be a mix of both.

You know: a PIN or passphrase

You have: The calculator or token to generate the one time password.

For implementation such as SKEY and OPIE where only software could be used
it might fall only within the: You know

Clement


-----Original Message-----
From: [mailto:CISSP-Discuss@yahoogroups.com] On Behalf Of huang_qinghua
Sent: Sunday, May 29, 2005 8:35 AM
To: CISSP-Discuss@yahoogroups.com
Subject: [CISSP-D] Dynamic Password

Dynamic password. Is it something you know, or something you have ?






 
Yahoo! Groups Links



 





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.3 - Release Date: 6/6/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.3 - Release Date: 6/6/2005
 





 
Yahoo! Groups Links



 






 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [CISSP-D] About the material for the CISSP Certification, Doug Landoll
Next by Date:  [CISSP-D] Re: Dynamic Password, Doug Landoll
Previous by Thread:  [CISSP-D] Re: Dynamic Password, Doug Landoll
Next by Thread:  [CISSP-D] About the material for the CISSP Certification, aguilar3901
Indexes:  [Date] [Thread] [Top] [All Lists]