Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] SSH'ing to home with only port 80



Hi!

On 01.11.2005, 11:10 +0900 Shawn wrote:

> I'd generate a list of passwords so they were disposable.
> Each file you sent in could be used just once.
> PGPing would just hide the length of the password.

And how about using PGP not only to disguise the password? I mean, why
do you need a password after all when using some mechanism like PGP or
any other public/privat key infrastructure? You don't, you've got the
keys! 

You just need to make sure that the content sent to the receiver is
unique and cannot be reused. So you could use a time stamp, or even
simpler an ever increasing serial number. It is also not really
necessary to disguise it, signing is enough if you agree on the keys to
be used (by e.g. signing your private key with the server's key, or
simply storing your key-ID on the server).

Or in your scenario: as your passwords are generated, just generate
passwords long enough and leave out the PGP. Same effect.

-- 
  Michael Reinsch <mr@example.com>                      http://mr.uue.org/
------------------------------------------------------------------------

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links