On Friday 07 December 2001 22:22, Crispin Cowan wrote:
> Steve Layman wrote:
> Biometrics are being loudly touted across the country lately as the
> greatest thing since sliced bread, and IMHO they are utter crap.

Schneier has made similar comments. Imagine switching users over to a
password they cannot change... It also means that a spork can become a
"denial of service attack".

> Dr. Crispie's recommended recipes for proper authentication:
>
> * Never use plain old passwords sent in the clear. Common examples
>   include:
>     * telnet
>     * non-SSL web forms

Also "authenticated pages" on web sites that use "Basic Authentication".
The password is encoded, not encrypted. (Base-64, if I remember
correctly.)

>     * e-mail access via POP or IMAP
>     * Why: these methods can be broken through both Magic Lantern
>       and Carnivore (sniffing) methods, and very often are broken
>       and used by attackers.

Also avoid protocols that have been broken, like 802.11b wireless
encryption.

> * For casual authentication, i.e. most of your uses that don't
>   involve highly sensitive access, plain old passwords sent through
>   crypto tunnels are ok. Common examples include:
>     * SSH (used in place of telnet)
>     * SSL-crypted web forms
>     * e-mail access via POP or IMAP tunneled through crypto such
>       as SSH or SSL (stunnel)
>     * Why: these methods cannot be broken through casual sniffing
>       (Carnivore & the like). But they can be broken through
>       shoulder surfing, or if the user carelessly enters their
>       password in the clear somewhere, allowing the attacker to
>       obtain the password, and then break in via the otherwise
>       perfectly good crypto tunnel.
>     * Personally, I do all of my remote access through SSH
>       tunnels. My personal password is NEVER transmitted in the
>       clear.
> * For serious authentication, i.e. it REALLY matters that this
>   access not be broken, use 2-factor tokens SecureID
>   http://www.icon-sys.com/preise/rsa/rsa-token.html
>     * Why: these are crypto devices that fit in your wallet.
>       "2-factor" means that the user must first authenticate to
>       the card by typing in a PIN or password, and then the card
>       is used in a crypto challenge-response exchange with the
>       remote server to be accessed. This resists shoulder surfing,
>       sniffing, and Magic Lantern virii.

Unless the server is compromised. Then you are SOL.

I thought they found weaknesses in SecureID. I will have to check my
archives.

There are also hardware ID devices like iButton and smart card
authentication combined.

>     * Caveat: this keeps the virus from sniffing the crypto
>       authentication key, but it does NOT prevent the virus from
>       keylogging all the activities you do after you authenticate.
> * For very serious authentication (nuclear weapons, billions of $,
>   etc.) use 2-party authentication, where two separate humans have
>   to use 2-factor authentication as above to authorize an operation.
>     * Why: because kidnapping a user (or their daughter, whatever)
>       works to get people to authenticate anything you want.
>       Kidnapping 2 people is much harder.

Unless they carpool together.
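Added illustration of two points made in the exchange above; this is example code written for this archive page, not code from Crispin Cowan, Steve Layman or the replier. The first function shows why "Basic Authentication" over a cleartext link is only encoded: the header is plain base64, so whoever captures one request has the password. The Token and Server classes simulate the 2-factor challenge-response described above: the token is unlocked with a PIN, the server issues a fresh random challenge, and the token answers with an HMAC over a shared secret. A sniffer who records the challenge and response learns neither the secret nor a response that works again, because the server refuses a challenge it has already accepted. The class names, the HMAC-SHA256 construction, the sample header and the shared key are all constructed for this example and are not a description of any real SecurID product.

```python
"""Constructed example: cleartext Basic auth versus PIN-unlocked
challenge-response.  All keys, names and headers below are made up."""

import base64
import hashlib
import hmac
import secrets


def basic_auth_credentials(header_value: str) -> tuple[str, str]:
    """Recover user and password from a 'Basic <b64>' Authorization value.

    This is all a sniffer on an unencrypted HTTP link has to do: base64
    is an encoding, not encryption, so there is no key to recover."""
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(encoded).decode("utf-8").partition(":")
    return user, password


class Token:
    """Wallet-sized device: unlocked by a PIN (something you know), then
    answers challenges with a key it never reveals (something you have)."""

    def __init__(self, secret_key: bytes, pin: str):
        self._key = secret_key
        self._pin = pin

    def respond(self, pin: str, challenge: bytes) -> bytes:
        # Factor 1: the PIN must be right before the device will sign anything.
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        # Factor 2: the response depends on the key held inside the device.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Server:
    """Holds the same secret, issues one-time challenges, verifies answers."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key
        self._outstanding: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)      # fresh per login attempt
        self._outstanding.add(nonce)
        return nonce

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False                      # unknown or already consumed
        self._outstanding.discard(challenge)  # a captured exchange cannot be replayed
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def two_factor_login(server: Server, token: Token, pin: str) -> tuple[bytes, bytes, bool]:
    """Run one authentication; return what went over the wire plus the result."""
    challenge = server.challenge()
    response = token.respond(pin, challenge)
    return challenge, response, server.verify(challenge, response)


# Constructed demo values (not taken from the original post).
SAMPLE_BASIC_HEADER = "Basic " + base64.b64encode(b"alice:s3cret").decode()
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    print("Basic header yields:", basic_auth_credentials(SAMPLE_BASIC_HEADER))
    srv, tok = Server(SHARED_KEY), Token(SHARED_KEY, "4711")
    ch, resp, ok = two_factor_login(srv, tok, "4711")
    print("2-factor login accepted:", ok)
    print("Replay of captured exchange accepted:", srv.verify(ch, resp))
```

Running the script prints the recovered "alice"/"s3cret" pair, an accepted 2-factor login, and a rejected replay of the very same challenge and response. The caveat from the quoted post still stands: none of this helps once the server holding the shared key is compromised, or against a keylogger that records what the user does after the login succeeds.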
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:53 PDT