From owner-freebsd-security Thu Jun 20 18:23: 5 2002
Delivered-To: freebsd-security@freebsd.org
Received: from frl.nisser.com (c0039.upc-c.chello.nl [212.187.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id C1D1E37B411
	for ; Thu, 20 Jun 2002 18:22:58 -0700 (PDT)
Received: from eboa.com (roelof.nisser.com [10.0.0.2])
	by frl.nisser.com (Postfix) with ESMTP id 01911EA94;
	Fri, 21 Jun 2002 03:22:54 +0200 (CEST)
Message-ID: <3D128027.3090509@eboa.com>
Date: Fri, 21 Jun 2002 03:23:51 +0200
From: Roelof Osinga
Organization: eBOA - Programming the Web
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Eric F Crist
Cc: 'twig les', 'graham', freebsd-security@FreeBSD.ORG
Subject: Re: Password security (my final post on this particular thread)
References: <004101c217bf$74a26f70$77fe180c@armageddon>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Eric F Crist wrote:
> It's apparent that this conversation could go on forever. It is also
> ...
>
> 1) Password security is not perfect due the inability of most
> people/users of data networks to remember and conjure up difficult,
> complex, or hard to guess passwords.
>
> 2) Biometrics is not a fool proof method of authentication and there are
> ways to trick these devices.
>
> 3) The generally agreed upon method for the most secure method of
> authentication over a seemingly insecure data network would be to
> combine a multitude of different technology, all dependent on each
> other.

You missed the simple fact that all keys can be copied. From an OPIE
list or print to some generated cryptographic bit sequence. Making it
very simple - giving that opportunity - to raise a hell of a lot of
false positives. Thus making 3 4.

Furthermore I think you should amend 3 or 4 by adding time into the
equation. Just by varying parts of the defense in a timely manner
makes it harder for wannabees to get the toehold needed to do their
dirty deeds.

Roelof

PS true, biometric keys can also be copied easily
-- 
_______________________________________________________________________
eBOAź                                            est. 1982
http://eBOA.com/                                 tel. +31-58-2123014
mailto:info@eBOA.com?subject=Information_request fax. +31-58-2160293