Date: Mon, 5 Oct 1998 23:33:05 -0400 (EDT)
From: Chuck Robey
To: Nate Williams
cc: Sean Kelly, FreeBSD-security@FreeBSD.ORG
Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd)
In-Reply-To: <199810052353.RAA12302@mt.sri.com>

On Mon, 5 Oct 1998, Nate Williams wrote:

> > > I can do that part, I'm interested if this really
> > > represents a secure method for me to be able to do something like carry
> > > around my whole 1024 bit private key with me, and use the $15 (yes, it's
> > > only $15!) ISA card to interface to the ring, and tell the system
> > > securely who I am. I want to know if there are any hidden traps to
> > > doing logins that way.
> >
> > I hope not, since I'm planning on using my iButton to arm and disarm the
> > home security system. I get the added bonus of a record of who did it
> > (me, wife, or future kids), and a nearly nil chance that anyone else can
> > disarm it.
>
> Umm, quick question. What's to stop the burglar from taking your ring
> and using it to disarm your alarm? (I contrast this with the alarm's
> ability to have a 'disarm but silent setoff setting' which disarms the
> alarm but still calls in the cavalry, which is used when you are in
> distress...
>
> (Or, am I just being truly paranoid...)

No, you're not being paranoid, but still illogical. Think of the Roman
warrior being shown a gun, and told that he can now kill folks from far
away ... and the warrior grouses "but what happens when I run out of
bullets?" Sure, it happens.

What happens, Nate, when that burglar, who now has to take your keys,
does exactly that? The analogy with your question of what happens when
he takes your ring is exact here. Don't expect this to solve ALL
problems, but it's going to be one hell of a lot harder to lose your
keys, now isn't it? And, given the length of the password you can carry,
as long as you hang onto that ring, you're much safer than you were,
right?

I'm NOT portraying this as perfect, Nate, merely a huge improvement,
right?

>
>
> Nate - Who is looking for a good 'physical' security mechanism that
> can't be easily forged by an outsider who gets physical access to you
> and your computer.
>
>

----------------------------+-----------------------------------------------
Chuck Robey                 | Interests include any kind of voice or data
chuckr@glue.umd.edu         | communications topic, C programming, and Unix.
213 Lakeside Drive Apt T-1  |
Greenbelt, MD 20770         | I run Journey2 and picnic (FreeBSD-current)
(301) 220-2114              | and jaunt (NetBSD).
----------------------------+-----------------------------------------------