two factor authentication

Douglas E. Engert deengert at anl.gov
Wed Jul 26 07:42:20 EST 2006



William Ahern wrote:


> 
> Sometimes people make sarcastic comments like, "if you're afraid somebody is
> going to install a password sniffer or backdoor on your computer then you
> should keep your computer on your person at all times". Well, a smart card
> is a computer you keep in your pocket or at your side 24/7, and even more
> it's a computer that is, in all practicality, impossible to install malware
> on.

But most don't have any self contained I/O or logging capability. They depend
on the machine into which they are inserted. Once the pin has been given, to
unlock the card, the card does not know what it is signing, and the user can
not even tell if the card is being used, thus it could still be misused by some
back door to make a few more ssh conections, or sign a few more documents
without the user's knowledge.

So if you want to call it the computer in your pocket, it should have
some output indicator to at least tell the user it is being used.  A reader
with these capabilitoes cound alos help.

I am not saying there is anything better, but a smart card could be smarter.


> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the openssh-unix-dev mailing list