[aprssig] Re: Authentication over APRS
Scott Miller scott at opentrac.org
Wed Dec 8 22:36:05 UTC 2004
> SecurID is a great product, I use it daily. It provides "two factor"
> authentication (requiring both something you know - your pin, and something
> you have - the token). It's not vulnerable to replay attacks as you suggest,
> because the act of using the code on the token locks out that code for any
> other authentication attempts. It is, however, vulnerable to
> man-in-the-middle attacks unless other methods are used to mitigate this.

I've used these too. It requires fairly close time synchronization, and if you're dealing with a device somewhere on a mountaintop miles away with no GPS, keeping within a couple of minutes is too much trouble.

> seems best. Kantronics as I recall does a weak flavor of
> Challenge/Response, in that you can give it a long passphrase, and it'll
> send prompt you for the character at position x, y, & z (changing every
> login) in the phrase. Using a hardware "calculator" gives decent two

Yeah, and you're going to run out of secrets pretty fast if it's something you do on a regular basis. I think a TEA or similar CBC-MAC with a simple challenge/response should be fine. The remote device might just pick a random sequence of four characters and send them with each beacon - these would be hashed along with the command, and the device would choose a new sequence after executing the command.

Scott
N1VG
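
The beacon-nonce challenge/response proposed in the message above, sketched in C as an added example (not code from the post or from any APRS or OpenTrac project). The key, nonce values, command strings, function names and the choice to put the command length and nonce in the first MAC block are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

struct device { uint32_t key[4]; char nonce[4]; };  /* nonce goes out in each beacon */

/* TEA block cipher: 64-bit block, 128-bit key, 32 cycles. */
static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += 0x9E3779B9u;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-MAC over (length, nonce) then the zero-padded command. The length leads because
 * plain CBC-MAC is only safe for fixed-length input. Words are host-endian here. */
uint64_t cmd_mac(const uint32_t key[4], const char nonce[4], const char *cmd) {
    size_t len = strlen(cmd);
    uint32_t st[2] = {(uint32_t)len, 0};
    memcpy(&st[1], nonce, 4);
    tea_encrypt(st, key);
    for (size_t off = 0; off < len; off += 8) {
        uint32_t w[2] = {0, 0};
        memcpy(w, cmd + off, len - off < 8 ? len - off : 8);
        st[0] ^= w[0]; st[1] ^= w[1];
        tea_encrypt(st, key);
    }
    return ((uint64_t)st[0] << 32) | st[1];
}

/* Device side: accept only a tag made for the nonce now being beaconed, then rotate it. */
int device_accept(struct device *d, const char *cmd, uint64_t tag, const char next_nonce[4]) {
    if (cmd_mac(d->key, d->nonce, cmd) ^ tag) return 0;  /* one 64-bit compare, no early exit */
    memcpy(d->nonce, next_nonce, 4);  /* stand-in for the device's RNG (assumption) */
    return 1;
}

/* Constructed scenario. Bit 0: valid command accepted; bit 1: replay rejected; bit 2: altered command rejected. */
int run_demo(void) {
    struct device d = { {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u}, {'K','7','Q','Z'} };
    uint64_t tag = cmd_mac(d.key, d.nonce, "RELAY1 ON");
    int r = device_accept(&d, "RELAY1 ON", tag, "M3XA") ? 1 : 0;
    r |= device_accept(&d, "RELAY1 ON", tag, "P9LB") ? 0 : 2;
    r |= device_accept(&d, "RELAY1 OFF", cmd_mac(d.key, d.nonce, "RELAY1 ON"), "T2WC") ? 0 : 4;
    return r;
}
int main(void) { return run_demo() == 7 ? 0 : 1; }
```

A four-character nonce has a small space, so sequences recur over time and a tag recorded for an earlier beacon becomes valid again when its sequence reappears; a longer nonce or a monotonic counter avoids that.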
