Date:      Tue, 13 Mar 2001 15:50:46 +0100
From:      Terje Elde <terje@thinksec.no>
To:        Daniel Hagan <dhagan@colltech.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: iButton Development
Message-ID:  <20010313155046.E9762@thinksec.com>
In-Reply-To: <3AADB1D3.C70E00C@colltech.com>; from dhagan@colltech.com on Tue, Mar 13, 2001 at 12:36:19AM -0500
References:  <3AADB1D3.C70E00C@colltech.com>



On Tue, Mar 13, 2001 at 12:36:19AM -0500, Daniel Hagan wrote:
> There was some discussion regarding iButtons in mid-Jan on this list.
> I'm interested in getting one or more of these things to play with, with
> the goal of:

For reasons I don't quite know I missed that thread...  However I'm the
coordinator of the iButton project, which aims to define a set of APIs to
communicate with iButtons, or the 1-wire bus in general, as well as making a
daemon to handle the actual communication with the 1-wire bus, as well as
multiplexing between users and applications where desired.

I must admit the project has been idle for a little while now, though I'm sure a
cooperation could be mutually beneficial.

> o Authenticating myself to my home workstations (pam module?).

Our plans include making a pam module which uses the APIs(/sdk) for either
simple authentication using the serial number on the iButtons (yuck) or my
favorite, full public key authentication using the java iButtons.

> o Storing PGP & ssh keys.

Also an obvious extension.  One idea we've been playing with is to not only
keep the keys on the button, but never to let them be anywhere else.  The java
iButton for example, could handle the cryptographic functions for you.  It
features cool things like rapid destroying of the content should you try to
tamper with it.

> Since I assume these are tasks of interest to more people than just
> myself, I was wondering:
>
> o Does anyone have existing code bases to support these tasks?

We've done very basic coding and design of the APIs, though we don't have any
of the code working with the actual buttons up and running yet.

> o Is there any support (in the political sense) for getting the pam
> module and/or other code incorporated into the base system or as a port?

Strong cryptographic authentication system and secure storage with possible
extension of cheap industrial chips with everything from temp sensors to AD/DA
converters and whatnot.  Who wouldn't want it?

> o Does anyone have any recommendations on what hardware to procure for
> these tasks?  I was looking at getting a serial port BlueDot (possibly
> two or three, I have some laptops I may want to use this with too) and a
> DS1996L-F5 64-kbit Memory iButton.  I would also think about getting a
> Java-powered iButton, Model 96, Release 1.1 (or 2.2) if I understood
> exactly what I'd be getting for the money.  Does anyone have any
> information/examples on how these Java iButtons are used?

You probably want the following (in the order they're listed in the dalsemi
shop online):

 * DS1921L-F52 - Thermochron (-20°C to +85°C)
   It'll allow you to play more with the bus, making sure the knowledge
   sticks.  Not really required for these tasks, but it's so cute.

 * DS19550-401 - Java-powered iButton, Model 96, Release 1.1
 * DS1957B-406 - Java-powered iButton, Model 96, Release 1.1
   You want both, because if you're going to do development on these, you'll
   probably want to make sure your software will work properly on both.

   As for what you'll get...
   * JVM
     These babies actually run Java code, as long as they're docked and have
     power.  As soon as you rip out the power, the applications are still in a
     running state, but their execution speed is frozen so to speak.
   * PRNG
     Perfect to both feed your Java code, and perhaps also relay to a FreeBSD
     box to help feed its PRNG.

   * Crypto
     * SHA-1
     * RSA
     * DES
     * 3DES

     The math accelerator for RSA operations handles them with a less than 1
     sec worst-case.

     At least the 2.2 release has 134kbytes of RAM, which makes it the iButton
     with the biggest storage.

 * DS1963S-F5  - SHA-1 iButton
   You'll want this so you can do keyed hashes for authentication.  It's much
   better than the java iButtons for this task, due to its lower price.

In addition to those you'll want some of the other memory iButtons, a nice
selection to fit your taste.  I recommend you get at least two or so of the
bigger ones, and as many as you feel like of the cheaper.

For connectivity I would like to suggest that you get one or several serial
adaptors, with matching bluedots.  Let me remind you that there are
differences between them, but which you'd want is perhaps a matter of taste.
Getting some of each might not be a bad idea.  I would recommend you stick
with serial, as they're supposedly easier to use, and have some software
already available (hint: ports/comms/mlan, though it's not up to date (hint)).

You might also want to look at the TINI, as it's got a 1-wire device, and
would be pretty nice to integrate with everything.

Terje "delta" Elde
ThinkSec AS
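
[Added example, not part of the original message or of the iButton project's code.] The message contrasts authentication by serial number with keyed hashes computed on the button; this sketch shows why a captured response is useless against a fresh challenge while a copied serial number is not. The class and function names, the sample serial and the use of HMAC-SHA1 as the keyed hash are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class SimulatedToken:
    """Constructed stand-in for a keyed-hash button; the secret never leaves it."""
    def __init__(self, serial: bytes, secret: bytes):
        self.serial = serial      # public: readable by anything on the bus
        self._secret = secret     # private: only used inside respond()

    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA1 is an assumed generic keyed hash, not the device's own MAC.
        return hmac.new(self._secret, self.serial + challenge, hashlib.sha1).digest()

class Verifier:
    """Host side (e.g. behind a PAM module): holds enrolled serials and secrets."""
    def __init__(self):
        self._secrets = {}
        self._pending = {}

    def enroll(self, serial: bytes, secret: bytes) -> None:
        self._secrets[serial] = secret

    def serial_only_ok(self, serial: bytes) -> bool:
        # Weak scheme: the public serial number is the entire proof.
        return serial in self._secrets

    def new_challenge(self, serial: bytes) -> bytes:
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]

    def response_ok(self, serial: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(serial, None)   # each challenge is single-use
        secret = self._secrets.get(serial)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, serial + nonce, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    serial = bytes.fromhex("0102030405060708")    # constructed sample serial
    token = SimulatedToken(serial, secrets.token_bytes(20))
    host = Verifier()
    host.enroll(serial, token._secret)
    first = token.respond(host.new_challenge(serial))
    results = {"fresh_response": host.response_ok(serial, first)}
    host.new_challenge(serial)                    # a later login attempt
    results["replayed_response"] = host.response_ok(serial, first)
    results["copied_serial_only"] = host.serial_only_ok(serial)
    return results
```

Calling demo() returns the outcome of each of the three login attempts as booleans.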

