Date: Tue, 13 Mar 2001 16:05:40 +0100
From: Terje Elde <terje@thinksec.no>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Daniel Hagan <dhagan@colltech.com>, freebsd-security@FreeBSD.ORG
Subject: Re: iButton Development
Message-ID: <20010313160540.F9762@thinksec.com>
In-Reply-To: <7857.984495569@critter>; from phk@critter.freebsd.dk on Tue, Mar 13, 2001 at 03:59:29PM +0100
References: <20010313155046.E9762@thinksec.com> <7857.984495569@critter>

On Tue, Mar 13, 2001 at 03:59:29PM +0100, Poul-Henning Kamp wrote:
> My share in this is mostly the monitoring gadgets with the 1wire
> products, but given working software I would probably put my pgp
> key somewhere more safe as well.

I do see your concern, and I would not automatically trust the iButtons 100%, but it's a good hardware building block to base things on. If you store an encrypted version of your pgp/ssh keys on it, then you would really need to break the algorithm to gain access to the keys, in which case you can attack pgp in itself anyways. (simplified; if you break the symmetric cipher which has encrypted the keys stored on the iButton then you've got the keys, while if you had broken the same symmetric cipher in pgp itself, the keys would be safe as soon as you switch to another algorithm, and you would have to perform one such crack for each message).

Or rather, in the end how things are set up and used is really up to the end user. My goal is to try to help provide the tools to make the technology available, and also the guidance to balance the risks. What makes a good choice is highly dependent on a lot of factors, and what's right for you isn't always right for everyone else.

If my access was limited to a single shared win95 box, then I'd feel much more comfortable with an iButton performing the crypto for me, and keeping the keys, than storing them on the windows box.

Terje "delta" Elde
ThinkSec AS