Firewall question

Todd Denniston Todd.Denniston at ssa.crane.navy.mil
Thu May 15 21:28:28 UTC 2008


Anne Wilson wrote, On 05/15/2008 03:39 PM:
> On Thursday 15 May 2008 19:05, max bianco wrote:
>> I think, assuming I have followed things correctly to this point, a
>> big if I know, that she was looking for some way to establish the
>> computer's identity through its hardware configuration, a hardware
>> fingerprint if you will, this would be possible I think but you would
>> have to have some kind of computed hash, based on the hardware setup
>> and something random (in case someone somewhere has a computer setup
>> identical to yours and also happens to stumble across your network)
>> that would uniquely identify your computer, maybe calculated based on
>> the individual serial numbers of your hardware components, assuming
>> they are unique of course. I asked something similar once but all I
>> got were quizzical looks for my effort, as well as suggestions like
>> "isn't that what cookies are for?" to which the answer is of course
>> no. Cookies store settings, site info, and such but this would be like
>> a fingerprint for your computer or a retinal pattern or a DNA sample.
> 
> Hardware fingerprint - yes, that describes my idea exactly. :-)
> 
> Anne
> 

Either way in the end (I hope) you are talking about crypto[0] keys, you just
want your hardware to BE the key (not good unless that hardware is a TPM).
In hardware you have the Trusted Platform Module[1], in software you have soft
keys.  The soft keys can be either files or hardware[2] (or something in
between like a key that is on a normal USB stick, or an OTP[3]).

Soft keys used for ssh and OpenVPN are probably the easiest, but smart cards
are fun.

[0] http://en.wikipedia.org/wiki/Crypto
[1] http://en.wikipedia.org/wiki/Trusted_Platform_Module
[2] http://en.wikipedia.org/wiki/Smart_card
     http://en.wikipedia.org/wiki/Common_Access_Card
[3] http://en.wikipedia.org/wiki/One-time_password#Implementation_of_a_time-synchronized_type_OTP

-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
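
Added example, not part of the original message: a sketch contrasting the salted hardware-serial hash proposed in the thread with key-based challenge-response. The serial numbers, class names and the shared-key HMAC (a simplified stand-in for the public-key authentication ssh and OpenVPN actually use) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Constructed sample serial numbers; not taken from the thread.
SERIALS = ["DISK-WD-0001", "NIC-00:11:22:33:44:55", "BOARD-ABC123"]

def hardware_fingerprint(serials, salt):
    """Static identifier: hash of the serial numbers plus a random salt."""
    h = hashlib.sha256(salt)
    for s in sorted(serials):
        h.update(s.encode() + b"\0")
    return h.hexdigest()

class FingerprintServer:
    """Accepts any client that presents the enrolled fingerprint value."""
    def __init__(self, enrolled):
        self.enrolled = enrolled
    def login(self, presented):
        return hmac.compare_digest(self.enrolled, presented)

class KeyServer:
    """Issues a fresh nonce per login and checks an HMAC made with a soft key."""
    def __init__(self, key):
        self.key, self.pending = key, None
    def challenge(self):
        self.pending = secrets.token_bytes(16)
        return self.pending
    def login(self, response):
        if self.pending is None:
            return False
        nonce, self.pending = self.pending, None  # each nonce is single use
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(key, nonce):
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo():
    fp = hardware_fingerprint(SERIALS, secrets.token_bytes(16))
    fp_server = FingerprintServer(fp)
    first = fp_server.login(fp)
    replay_fp = fp_server.login(fp)      # same value on the wire is accepted again

    key = secrets.token_bytes(32)        # the secret itself never crosses the wire
    ks = KeyServer(key)
    resp = client_response(key, ks.challenge())
    ok = ks.login(resp)
    ks.challenge()                       # new login attempt, new nonce
    replay_key = ks.login(resp)          # captured response no longer verifies
    return first, replay_fp, ok, replay_key

if __name__ == "__main__":
    print(demo())
```

The fingerprint is a fixed value that is presented whole at every login, so it behaves like a password; the key only ever signs a fresh nonce.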



