OpenConnect and RSA tokens

David Woodhouse dwmw2 at infradead.org
Mon Sep 26 11:15:24 EDT 2011


On Mon, 2011-09-26 at 15:55 +0100, Andrew Stringer wrote:
> Hi, I used to be able to use openconnect with my companies VPN (3000
> series concentrator) but recently they have introduced a soft token from
> RSA which only seems to be available to run under the awful win7.

The RSA Softoken crap used to run under Wine. Does it not any more?

It's a bit of a rip-off; basically their business seems to be selling
random numbers to people who don't have enough clue to make them up for
themselves. It's not as if one-time passcodes are hard to do.

The "value add" seems to be that they keep a *copy* of your random
numbers, and leak them to hackers!

If it doesn't run under Wine, it still shouldn't be that hard to work it
out. The old homegrown 64-bit token algorithm is already well-known, and
the 128-bit AES one shouldn't be that hard to work out. Once you have it
working, I'd be happy enough to take patches which automate it.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20110926/33d078bf/attachment.bin>


More information about the openconnect-devel mailing list