[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: A (not) new security idea



On Thu, 2004-10-14 at 11:43, BjÃrn Persson wrote:

[Sorry for the delay; I work third shift (2200-0600 local time]

> So you'd have some kind of identification on the USB memory, and if the
> passphrase you type matches that identification, you're logged in. And
> you'd use this on all the computers you use?

    Well, whatever it is keeping them from doing it now, I suppose. We'd
have to exchange key data in a hash format a'la SSH; I'm sure there's a
way to keep it from being easy to sniff/steal.  If not, SSL/SSH/etc
would have been routinely hacked on a widespread basis a long time ago,
no?

> What if you don't fully trust one of these computers? Maybe you're a
> user on a big campus, and you don't know who the administrators are. You
> don't even know how many people have root access. If just one of them
> isn't completely honest, they could install a piece of software that
> copies your ID from the keyfob and sniffs your passphrase as you type
> it. Then they can pose as you everywhere.

    Well, I understand the concern; but if anyone can work this out, we
can....we don't have to beg and borrow from people holding patents,
etc.  Aye?

-- 
------------------------------------------------------------------------
Brian FahrlÃnder                  Christian, Conservative, and Technomad
Evansville, IN                                 http://www.fahrlander.net
ICQ 5119262
AIM: WheelDweller
------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]