From owner-freebsd-security  Mon Oct  5 16:53:58 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA05243
          for freebsd-security-outgoing; Mon, 5 Oct 1998 16:53:58 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA05236
          for <FreeBSD-security@FreeBSD.ORG>; Mon, 5 Oct 1998 16:53:55 -0700 (PDT)
          (envelope-from nate@mt.sri.com)
Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id RAA11176;
	Mon, 5 Oct 1998 17:53:34 -0600 (MDT)
	(envelope-from nate@rocky.mt.sri.com)
Received: by mt.sri.com (SMI-8.6/SMI-SVR4)
	id RAA12302; Mon, 5 Oct 1998 17:53:34 -0600
Date: Mon, 5 Oct 1998 17:53:34 -0600
Message-Id: <199810052353.RAA12302@mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Sean Kelly <kelly@plutotech.com>
Cc: Chuck Robey <chuckr@mat.net>, FreeBSD-security@FreeBSD.ORG
Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification
	 (fwd)
In-Reply-To: <36194931.975AA5AC@plutotech.com>
References: <Pine.BSF.4.05.9810051545070.15656-100000@picnic.mat.net>
	<36194931.975AA5AC@plutotech.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > I can do that part, I'm interested if this really
> > represents a secure method for me to be able to do something like carry
> > around my whole 1024 bit private key with me, and use the $15 (yes, it's
> > only $15!) ISA card to interface to the ring, and tell the system
> > securely who I am.  I want to know if there are any hidden traps to
> > doing logins that way.
> 
> I hope not, since I'm planning on using my iButton to arm and disarm the
> home security system.  I get the added bonus of a record of who did it
> (me, wife, or future kids), and a nearly nil chance that anyone else can
> disarm it.

Umm, quick question.  What's to stop the burglar from taking your ring
and using it to disarm your alarm?  (I contrast this with the alarms
ability to have a 'disarm but silent setoff setting' which disarms the
alarm by still calls in the calvary, which is used when you are in
distress...

(Or, am I just being truly paranoid...)


Nate - Who is looking for a good 'physical' security mechanism that
  can't be easily forged by an outsider who gets physical access to you
  and your computer.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message