Alan wrote: >On Saturday 08 December 2001 13:44, Crispin Cowan wrote: > >>>Unless the server is comprimised. They you are SOL. >>> >>Agreed. Buy Immunix :-) >> >Is 2.4.x available for it yet? (With the proper patches. I know Greg made one >without, for testing purposes.) > Not as such. But you can just drop a 2.4 kernel into the Immunix 7 system if you want to, and you don't want the kernel security features. >>>There are also hardware ID devices like iButton and smart card >>>authentication combined. >>> >>There are also USB dongles that claim to be secure storage for PKI keys. >>However, I'm unclear on how the human authenticates to the iButton or >>the dongle. If there is no such authentication, then the attacker can >>just steal the token to get access, i.e. it's not really 2-factor. >>Anyone actually tried one? Is there a 2nd factor to authenticate the >>human to the token? >> >I would think it would depend on the implementation. Authenticating humans >is always difficult. (So few authentic humans out there, especially in Sales, >Marketing and on television.) > The SecureID cards require the user to enter a PIN on the card's hexpad keyboard. That's the kind of authentication I'm talking about. It is more problematic with dongle-style tokens like iButtons and USB dongles, as they (likely) will use the PC's keyboard to enter the user authentication. That's problematic because it can be sniffed, unlike the SecureID card's built-in keyboard. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:56 PDT