[Systems] [Fwd: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30]
Bernie Innocenti
bernie at sugarlabs.org
Mon Oct 17 19:34:07 EDT 2011
On Mon, 2011-10-17 at 21:58 +0200, Sascha Silbe wrote:
> Excerpts from Bernie Innocenti's message of 2011-10-13 22:33:25 +0200:
>
> > Some form of TOP would make sense for us sysadmins.
> [TOP = two-factor authentication?]
Sorry for the typo, I meant to say OTP, meaning One-Time Password.
> I don't consider it worth the trouble to add more authentication hurdles
> on the server side. We can encourage all admins to use a hardware token
> (like the Gemalto USB Shell Token V2 + OpenPGP v2 smart card I'm using),
> but anything else will only make it more annoying to connect to the
> servers, not any more secure.
>
> If anyone has access to your private key,
> they have already won. They can sniff the keyboard, hijack ssh sessions,
> etc.pp. The only thing the hardware token really helps with is removing
> the need to create new keys and re-establish your web of trust, BTW.
This is why I had in mind a simple second factor authentication, like
this one: http://www.yubico.com/
Now, even if they had rooted my laptop and stolen my private key, they'd
also have to break into my house to steal my OTP while I'm sleeping.
> The only way to make it more secure is by making sure attackers don't
> get into your account in the first place. Run applications processing
> foreign data - especially complex ones like web browsers - in isolation
> shells (read: Rainbow), encrypt your hard disk, make sure you always
> leave the screen locked when you're afk, check for (commercial grade)
> hardware key sniffers, etc.
Except for isolation, I guess we're all already using these
countermeasures.
--
Bernie Innocenti
Sugar Labs Infrastructure Team
http://wiki.sugarlabs.org/go/Infrastructure_Team