Comments for quuxlabs http://www.quuxlabs.com transmuting ideas into value Sun, 13 Feb 2011 17:15:42 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Comment on Paper Token: Gutenberg’s version of One Time Passwords by Alexandre Dulaunoy http://www.quuxlabs.com/blog/2010/09/paper-token-gutenbergs-version-of-one-time-passwords/comment-page-1/#comment-804 Alexandre Dulaunoy Sun, 13 Feb 2011 17:15:42 +0000 http://www2.quuxlabs.com/?p=431#comment-804 Thank you for your comment. It's true that S/KEY exists for years and used by a small number of people. The article is more targeting the HOTP[1] devices (e.g. RSA SecurID token) where a lot of services are now relying on token-based hardware to access "secure" services. As the majority of token user (or even administrator) didn't know that event-based token can be pre-calculated and printed on a sheet of paper, we show this possibility for HOTP. Especially that large corporation use token-based access for emergency case, they usually don't need the hardware-based token (usually more expensive to acquire and manage) and could simply rely on a paper. I hope this answers your question. [1] http://tools.ietf.org/html/rfc4226 Thank you for your comment.

It’s true that S/KEY exists for years and used by a small number of people. The article is more targeting the HOTP[1] devices (e.g. RSA SecurID token) where a lot of services are now relying on token-based hardware to access “secure” services. As the majority of token user (or even administrator) didn’t know that event-based token can be pre-calculated and printed on a sheet of paper, we show this possibility for HOTP. Especially that large corporation use token-based access for emergency case, they usually don’t need the hardware-based token (usually more expensive to acquire and manage) and could simply rely on a paper.

I hope this answers your question.

[1] http://tools.ietf.org/html/rfc4226

]]> Comment on Paper Token: Gutenberg’s version of One Time Passwords by none http://www.quuxlabs.com/blog/2010/09/paper-token-gutenbergs-version-of-one-time-passwords/comment-page-1/#comment-753 none Mon, 07 Feb 2011 12:00:42 +0000 http://www2.quuxlabs.com/?p=431#comment-753 I don't *quite* get the point. From a cursory glance, OPIE - S/KEY already supports the concept of having a printed list of pregenerated one-time-use passwords, and people (albeit maybe not enough people) have been using it in this way for years, so what exactly is the new thing in this article? What does your new implementation bring? I don’t *quite* get the point. From a cursory glance, OPIE – S/KEY already supports the concept of having a printed list of pregenerated one-time-use passwords, and people (albeit maybe not enough people) have been using it in this way for years, so what exactly is the new thing in this article? What does your new implementation bring?

]]> Comment on Location and Friendship: Data Mining in Facebook by Edith http://www.quuxlabs.com/blog/2010/09/location-and-friendship-data-mining-in-facebook/comment-page-1/#comment-8 Edith Wed, 08 Sep 2010 00:02:42 +0000 http://www.quuxlabs.com/?p=598#comment-8 Thank you for the sharing. It is a really interesting study! Thank you for the sharing. It is a really interesting study!

]]>