Date:      Tue, 13 Mar 2001 16:18:52 +0100
From:      Terje Elde <terje@thinksec.no>
To:        Borja Marcos <borjamar@sarenet.es>
Cc:        Poul-Henning Kamp <phk@critter.freebsd.dk>, freebsd-security@FreeBSD.ORG
Subject:   Re: iButton Development
Message-ID:  <20010313161852.G9762@thinksec.com>
In-Reply-To: <3AAE3809.F795A6A5@sarenet.es>; from borjamar@sarenet.es on Tue, Mar 13, 2001 at 04:08:57PM +0100
References:  <3AADB1D3.C70E00C@colltech.com> <20010313155046.E9762@thinksec.com> <3AAE3809.F795A6A5@sarenet.es>

On Tue, Mar 13, 2001 at 04:08:57PM +0100, Borja Marcos wrote:
> > Also an obvious extension.  One idea we've been playing with is to not only
> > keep the keys on the button, but never to let them be anywhere else.  The java
> > iButton for example, could handle the cryptographic functions for you.  It
> > features cool things like rapid destroying of the content should you try to
> > tamper with it.
> 
> 	This would be the ideal system; when used for ssh, for example,
> the button stores the private part of the RSA key, and the challenge is 
> sent by the ssh-agent to the button. It encrypts the challenge and
> returns the answer.
> 
> 	If the key is kept inside the button, it can be useful even
> in hostile environments. I understand that now there are buttons
> capable of running small programs.

As Poul-Henning points out, doing this isn't for everyone.  It pretty much
boils down to what you trust the most.  The security of your hardware/software
and your ability to set it up, or the iButtons.

In the case of my private workstation, I'd normally prefer running the crypto
on the workstation itself, not allowing the iButtons to be as much of a weak
link.  Should I ever have the need for ssh'ing from public company terminals
to not quite secure systems on the other hand, this would be a good idea.


A toolkit to pick what one likes from, not enforcing the way I want it on
everyone else.

Terje
