Firewalls: Re: SecurID and SSH (was: Stateful Packet Filters vs. Proxies)

Firewalls
(June 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: SecurID and SSH (was: Stateful Packet Filters vs. Proxies)
From:	Jyri Kaljundi <jk @ stallion . ee>
Date:	Thu, 19 Jun 1997 19:25:01 +0300 (EET DST)
To:	Firewalls @ GreatCircle . COM
Cc:	Craig Brozefsky <craig @ onshore . com>
In-reply-to:	<199706121806 . LAA18961 @ honor . greatcircle . com>

On Wed, 11 Jun 1997, Craig Brozefsky <craig @
 onshore .
 com> wrote:

> SecurID is lame, I'll say it again. Why pay for a OTP password system
> with no encryption capabilities, and a non-published cryptographic
> method for generating the tokens, when I can use ssh for free, or
> purchase it from F-Prot if I need that commercial feeling?  

SSH and SecurID are not things you should compare. SSH is not something
you should use rely on instead of SecurID, but what you should do is use
SecurID authentication over SSH. Yes I do not like SecurID hash algorithm
being unpublished either, let's just hope SDTI one day will understand it
needs to use public algorithms. OTP systems are much better for user auth
than just RSA auth that SSH does, but the again SSh does have some support
for SecurID already.

Jyri

Follow-Ups:

Re: SecurID and SSH (was: Stateful Packet Filters vs. Proxies)
From: ArkanoiD <ark @ paranoid . convey . ru>
Re: SecurID and SSH (was: Stateful Packet Filters vs. Proxies)
From: Adam Shostack <adam @ homeport . org>

Indexed By Date	Previous:	Watchguard From: MJ Stromberg <mjstrom @ itisolutions . com>
Indexed By Date	Next:	Siwinder From: "Marcelo Diaz"<mdiaz @ tandem . cl>
Indexed By Thread	Previous:	WATCHGUARD From: Mark Teicher <mht @ clark . net>
Indexed By Thread	Next:	Re: SecurID and SSH (was: Stateful Packet Filters vs. Proxies) From: Adam Shostack <adam @ homeport . org>