Delivery-Date: Fri, 10 Jun 2016 22:14:18 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 26FBC1E0080;
	Fri, 10 Jun 2016 22:14:16 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 98E30E159F;
	Sat, 11 Jun 2016 02:13:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id F2318E1595
 for <tor-talk@lists.torproject.org>; Sat, 11 Jun 2016 02:13:41 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 8E4Tc9oltegj for <tor-talk@lists.torproject.org>;
 Sat, 11 Jun 2016 02:13:41 +0000 (UTC)
Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com
 [IPv6:2607:f8b0:4002:c05::233])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 5163DE1581
 for <tor-talk@lists.torproject.org>; Sat, 11 Jun 2016 02:13:41 +0000 (UTC)
Received: by mail-yw0-x233.google.com with SMTP id z186so63780532ywd.2
 for <tor-talk@lists.torproject.org>; Fri, 10 Jun 2016 19:13:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
 bh=eJr7Ow8jtQmAOj1zYB0tRzah3IfDPiZseu3EsUxG0AM=;
 b=MfeO4HwoLhJp4hF2fl67BnlgwBhIqcskgsQNng9GDrN/XzluqIW++23swvMvsUpPbs
 k5NfI9c/FQsOa3Xn+mZEnBoS+z+e1F9ykzcYxz3PkFDzIPnKIdg3wETWUNLn0PESh7ue
 Ohr5gmVMK6F6gavjVvuWzQvNgEjOU6KfIH0cyP3KOgZdTfvb/ua8n+XZwN1f6ZmhK/Ci
 b9EJ4CSqK9hGKMlQYbRErIk1R/rfrv2XSjFGZsk805hBvVMur/HQSnRXzfZkYnoknEWx
 dqFjZLcwPElO8vvVgS2UFGeza3au4Ztk418BRX1msyLX7WfI9BBiKWkLeniXL4zfDTWc
 nMOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to;
 bh=eJr7Ow8jtQmAOj1zYB0tRzah3IfDPiZseu3EsUxG0AM=;
 b=doKRcMXCp5s3WshlMwVZTXlEIXdQkquXLJT9KCy5TgPPc0vr9vn6ZOkSVbGq3r4XKo
 QghgX8DFrJu9mEYDR5AinnQFCxICCgmpn4KSM1v86dZNfkYUMgbf8GPlvr6VY0grq55u
 LZcS5lNNBXBnToll5aYP/Yz3G4PIb8ASxhP4FcfAJnoJJ22Nv4YxSLoAuVZjkfBOMP0c
 B45xlbgQczbZQgXqispvGnsbal1x2U+G9yPYBAffMcpkEPoNJpu9gzwip9c2qXjlxCkC
 56+fBvKtWRqoH+x9t0eIaFuNuXGYVUpg3/o70gMiBtTPGuk8l7anbSHyPhcd7UfV1sgE
 rdxA==
X-Gm-Message-State: ALyK8tIH57QpgIN/2RpeVR/DSLfQHhiDpmdQ1JMpC+Lhvm98GzKyofTCHftaJYOA4dMoBRe6P+7QoIO0d+IT7Q==
X-Received: by 10.129.52.66 with SMTP id b63mr2583970ywa.320.1465611218182;
 Fri, 10 Jun 2016 19:13:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.145.18 with HTTP; Fri, 10 Jun 2016 19:13:37 -0700 (PDT)
In-Reply-To: <CAKws9z2UxNK0z9aKRSEoZLjYLj+mqCkgVOk9YN8Wa4Dgpk5gQg@mail.gmail.com>
References: <CAKws9z2UxNK0z9aKRSEoZLjYLj+mqCkgVOk9YN8Wa4Dgpk5gQg@mail.gmail.com>
From: Allen <allenpmd@gmail.com>
Date: Fri, 10 Jun 2016 22:13:37 -0400
Message-ID: <CAB7TAM=e-zdUFJdV8T3YJ-t6VQKKx8fTr_GqU9VTDQitjG+aLQ@mail.gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Tor-Friendly Two-Factor Authentication?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Fri, Jun 10, 2016 at 9:58 PM, Scott Arciszewski <scott@paragonie.com>
wrote:

> * FIDO U2F requires users to purchase separate hardware devices which,
> while cheap, aren't already in the arsenal of most netizens
>

How about developing a simple 2FA app for a smartphone?  Maybe a smartphone
could emulate a FIDO U2F?  Alternately, I remember some of the first 2FA
devices were fobs that displayed a 6 digit code that changed every 15
seconds or so, based a pseudorandom generator that had a secret seed value
that was known by the server.  A simple smartphone app design might be to
give the user a pseudorandom seed when they create their account, the user
inputs the seed into the app on their phone, and then when they want to
login they have to enter a 6-8 digit code displayed by their smartphone
app.  Maybe some apps like that already exist...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

