Re: CRIME Article on Magic Lantern from ZDNET

From: Alan (alan@private)
Date: Sat Dec 08 2001 - 14:00:13 PST

    On Saturday 08 December 2001 14:36, Crispin Cowan wrote:
    > Alan wrote:
    > >On Saturday 08 December 2001 13:44, Crispin Cowan wrote:
    > >>>Unless the server is compromised.  Then you are SOL.
    > >>
    > >>Agreed.  Buy Immunix :-)
    > >
    > >Is 2.4.x available for it yet? (With the proper patches. I know Greg made
    > > one without, for testing purposes.)
    > Not as such. But you can just drop a 2.4 kernel into the Immunix 7
    > system if you want to, and you don't want the kernel security features.
    Actually, I do want the kernel security features. That is why I asked. 
    What is your opinion of the grsecurity patches at ?
    They look interesting, but I have not dug into them yet.
    > >>>There are also hardware ID devices like iButton and smart card
    > >>>authentication combined.
    > >>
    > >>There are also USB dongles that claim to be secure storage for PKI keys.
    > >>However, I'm unclear on how the human authenticates to the iButton or
    > >>the dongle. If there is no such authentication, then the attacker can
    > >>just steal the token to get access, i.e. it's not really 2-factor.
    > >>Anyone actually tried one? Is there a 2nd factor to authenticate the
    > >>human to the token?
    > >
    > >I would think it would depend on the implementation.  Authenticating
    > > humans is always difficult. (So few authentic humans out there,
    > > especially in Sales, Marketing and on television.)
    > The SecurID cards require the user to enter a PIN on the card's hexpad
    > keyboard. That's the kind of authentication I'm talking about. It is
    > more problematic with dongle-style tokens like iButtons and USB dongles,
    > as they (likely) will use the PC's keyboard to enter the user
    > authentication. That's problematic because it can be sniffed, unlike the
    > SecurID card's built-in keyboard.
    These are different than the SecurID devices I have seen in the past. They
    were just time-based one-time passwords.  (That may be the protocol I was
    thinking of that has been weakened.)

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:58 PDT