29 lines
1.4 KiB
XML
29 lines
1.4 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
|
<pkgmetadata>
|
|
<maintainer>
|
|
<email>ulm@gentoo.org</email>
|
|
</maintainer>
|
|
<longdescription lang="en">
|
|
From RFC2289:
|
|
One form of attack on networked computing systems is eavesdropping on
|
|
network connections to obtain authentication information such as the
|
|
login IDs and passwords of legitimate users. Once this information is
|
|
captured, it can be used at a later time to gain access to the system.
|
|
One-time password systems are designed to counter this type of attack,
|
|
called a "replay attack."
|
|
|
|
The authentication system described in this document uses a secret
|
|
pass-phrase to generate a sequence of one-time (single use) passwords.
|
|
With this system, the user's secret pass-phrase never needs to cross the
|
|
network at any time such as during authentication or during pass-phrase
|
|
changes. Thus, it is not vulnerable to replay attacks. Added security
|
|
is provided by the property that no secret information need be stored on
|
|
any system, including the server being protected.
|
|
|
|
The OTP system protects against external passive attacks against the
|
|
authentication subsystem. It does not prevent a network eavesdropper from
|
|
gaining access to private information and does not provide protection
|
|
against either "social engineering" or active attacks.
|
|
</longdescription>
|
|
</pkgmetadata>
|