On Saturday 08 December 2001 14:36, Crispin Cowan wrote: > Alan wrote: > >On Saturday 08 December 2001 13:44, Crispin Cowan wrote: > >>>Unless the server is comprimised. They you are SOL. > >> > >>Agreed. Buy Immunix :-) > > > >Is 2.4.x available for it yet? (With the proper patches. I know Greg made > > one without, for testing purposes.) > > Not as such. But you can just drop a 2.4 kernel into the Immunix 7 > system if you want to, and you don't want the kernel security features. Actually, I do want the kernel security features. That is why I asked. What is your opinion of the grsecurity patches at http://www.grsecurity.net/ ? They look interesting, but I have not dug into them yet. > > >>>There are also hardware ID devices like iButton and smart card > >>>authentication combined. > >> > >>There are also USB dongles that claim to be secure storage for PKI keys. > >>However, I'm unclear on how the human authenticates to the iButton or > >>the dongle. If there is no such authentication, then the attacker can > >>just steal the token to get access, i.e. it's not really 2-factor. > >>Anyone actually tried one? Is there a 2nd factor to authenticate the > >>human to the token? > > > >I would think it would depend on the implementation. Authenticating > > humans is always difficult. (So few authentic humans out there, > > especially in Sales, Marketing and on television.) > > The SecureID cards require the user to enter a PIN on the card's hexpad > keyboard. That's the kind of authentication I'm talking about. It is > more problematic with dongle-style tokens like iButtons and USB dongles, > as they (likely) will use the PC's keyboard to enter the user > authentication. That's problematic because it can be sniffed, unlike the > SecureID card's built-in keyboard. These are different than the SecureID devices I have seen in the past. They were just time based one time passwords. (That may be the protocol I was thinking of that has been weakened.)
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:58 PDT