[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smartcard configuration in openbsd

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: smartcard configuration in openbsd
From: jolan <jolan_(_at_)_cryptonomicon_(_dot_)_org>
Date: Tue, 26 Nov 2002 10:59:16 -0500

On Tue, Nov 26, 2002 at 08:22:22AM -0700, Ben Goren wrote:
> hold a  few thousand private  keys on a floppy. If  you're worried
> about  systems  that  don't  have  a  floppy,  add  one  of  those

Depending on unreliable media for your authentication data is
ridiculous.

> credit-card-sized mini-CDs and a USB ``pen'' drive to your wallet,
> and just  keep duplicate copies  of the information on  all three.
> You'll be able to access the information on anything but a kiosk.

Last I checked (Sunday), those USB drives don't work under OpenBSD.

> Finallly, if  all you're  worried about  is somebody  installing a
> keyboard sniffer and getting your password, none of the above will
> do you a darn bit of good. The  attacker will copy the key off the

In addition to carrying around your floppy disk/USB drive/mini-CD,
you could also carry around your own foldable keyboard too.

> removeable media and sniff the passphrase for it at the same time.
> Instead, what you need are one-time passwords. See skey (1).

Uh huh.  Or see http://www.rsasecurity.com/products/securid/ for a real
solution.

- jolan

Follow-Ups:
- Re: smartcard configuration in openbsd
  - From: Ben Goren

References:
- smartcard configuration in openbsd
  - From: Christian Nabski
- Re: smartcard configuration in openbsd
  - From: Ben Goren

Prev by Date: smartcard configuration in openbsd
Next by Date: logging portmap
Previous by thread: Re: smartcard configuration in openbsd
Next by thread: Re: smartcard configuration in openbsd
Index(es):
- Date
- Thread

Visit your host, monkey.org