[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smartcard configuration in openbsd



On Tue, Nov 26, 2002 at 08:22:22AM -0700, Ben Goren wrote:
> hold a  few thousand private  keys on a floppy. If  you're worried
> about  systems  that  don't  have  a  floppy,  add  one  of  those

Depending on unreliable media for your authentication data is
ridiculous.

> credit-card-sized mini-CDs and a USB ``pen'' drive to your wallet,
> and just  keep duplicate copies  of the information on  all three.
> You'll be able to access the information on anything but a kiosk.

Last I checked (Sunday), those USB drives don't work under OpenBSD.
 
> Finallly, if  all you're  worried about  is somebody  installing a
> keyboard sniffer and getting your password, none of the above will
> do you a darn bit of good. The  attacker will copy the key off the

In addition to carrying around your floppy disk/USB drive/mini-CD,
you could also carry around your own foldable keyboard too.

> removeable media and sniff the passphrase for it at the same time.
> Instead, what you need are one-time passwords. See skey (1).

Uh huh.  Or see http://www.rsasecurity.com/products/securid/ for a real
solution.

- jolan