Firewall Wizards mailing list archives
OTP for smartcards (Was: SecureID vs Certificates)
From: Carson Gaspar <carson () taltos org>
Date: Fri, 02 Mar 2001 00:20:48 -0800
--On Friday, February 16, 2001 9:23 AM +1100 Darren Reed <darrenr () reed wattle id au> wrote:
I've been playing with an iKey-2000 and while it's kind of cool when used with Netscape, it still requires a static password/pass phrase to unlock it. What I want is for that password to be an SKEY input (or similar).
This is certainly possible with today's smartcard technology. All OPIE requires is SHA1 and a small amount of storage. There are some potential obstacles:
- Does the card allow you to install your own code for PIN validation? (obviously fixable by the card manufacturer) - Does the card interface protocol allow for a challenge to be retreived before transmitting a PIN?
- Does PKCS#11 allow for said challenge? - Can the card accept a long-enough alpha-numeric PIN?It's probably worth talking to the Citi UMich folks about this. I'm sure Honey would love it.
-- Carson Gaspar - carson () taltos org Queen trapped in a butch body _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- OTP for smartcards (Was: SecureID vs Certificates) Carson Gaspar (Mar 02)